System and method for time based digital content access

ABSTRACT

A content reproduction control system comprising a server apparatus and a terminal apparatus that are connected via a communication path, wherein the server apparatus includes: based on time information attached to a content, a control information generation unit operable to generate control information for specifying a range for permitting or prohibiting a user&#39;s predetermined operation in the terminal apparatus; and a distribution unit that distributes the control information to the terminal apparatus, the terminal apparatus includes: a content use unit operable to use the content; a receiving unit operable to receive the control information; and a content use control unit operable to control reproduction of the content based on the received control information.

TECHNICAL FIELD

The present invention relates to a system in which a server apparatusdistributes digital contents such as video and music throughcommunication and broadcast and in which the digital contents are usedin a terminal apparatus by a user. It relates in particular to a systemfor controlling a special reproduction (a trick play) such as time skipand fast-forward for a specific part of the digital contents in theterminal apparatus according to an intention of a provider.

BACKGROUND ART

In recent years, a content distribution service which is capable ofdistributing digital contents such as music, video and game (hereafterreferred to as content) from a server apparatus to a terminal apparatusthrough communication such as Internet, digital broadcast, CableTelevision (CATV), and of using the content in a terminal apparatus hasdeveloped for a practical use. A common system used for the contentdistribution uses a copyright protection technique for protecting acopyright of content in order to prevent an illegal use of the contentby a malicious user. The copyright protection technique is, in specific,a technique of securely controlling use of content by a user such asreproducing the content or copying it to a recording media usingencoding technique, identification technique and the like. Using thecopyright protection technique allows a provider such as a contentprovider and a service provider to securely control the use of contentin the terminal apparatus by a user.

By the way, a usage pattern with high usability by the user in aterminal apparatus having a large storage unit such as a Hard Disk Drive(HDD) has examined. The high usability includes temporally storing adistributed content to the terminal apparatus and viewing a contentwhich the user wants to see at whenever the user wishes to. At anAssociation of Radio Industries and Businesses (ARIB) that is anorganization of standardizing digital broadcast in Japan, a server-typebroadcasting method is standardized as a digital broadcasting methodusing a large capacity storage function. As for the server-typebroadcasting method, ARIB STD-B25 version 4.1 explains in detail.

However, in the terminal apparatus having such storage function, asituation that users do not watch a commercial message (CM) is caused bytemporally storing a content including the CM into the terminalapparatus, skipping, fast forwarding and rewinding a CM part whilewatching by a time shift. Consequently, it is likely to cause demeritsthat a CM effect is weakened for the provider and the CM cost islowered. As a technique resolving the problem, for example, a patentliterature: a Japanese Laid-Open Patent Literature application no.2002-209878, explains a system of controlling a CM skip in the terminalapparatus as an example of the content reproduction control system byembedding a CM skip prohibition signal or a CM skip prohibition resetsignal before and after the CM part of the content in the serverapparatus.

Accordingly, in the conventional content reproduction control system, itcan prevent the use of content by a user contrary to the intention ofthe provider by embedding control information indicating that a specialreproduction is prohibited in an area such as the CM part of the contentand the like where the content provider wants to prohibit the use of thespecial reproduction.

However, the conventional content reproduction control system prevents aspecial reproduction of the CM part so that control information forcontrolling a CM viewing needs to be embedded into the content. Ingeneral, it is common that an encoder that digitally encodes the contentdoes not have a function of identifying the CM part of the content oreven a function of inserting information for the CM viewing control.Therefore, it is necessary to have a specialized encoder to generate acontent which can control the CM viewing. Consequently, it causes anincrease of costs on the provider.

Resolving these conventional problems, the present invention aims toprovide a content reproduction control system capable of preventing thecontent use by the user contrary to the intention of the provider at lowcost by securely realizing the use control of a specific part of thecontent such as CM part in the terminal apparatus without insertingcontrol information to the content.

DISCLOSURE OF INVENTION

In order to achieve the above-mentioned objective, the contentreproduction control system according to the present invention comprisesa server apparatus and a terminal apparatus that are connected to eachother via a communication path, wherein the server apparatus includes: acontrol information generation unit operable to generate, based on timeinformation attached to a content, control information which specifies arange for permitting and prohibiting a user's predetermined operation ona reproduction of the content performed in the terminal apparatus; and adistribution unit operable to distribute the control information to theterminal apparatus, and the terminal apparatus includes: a content useunit operable to use the content; a receiving unit operable to receivethe control information; and a content use control unit operable tocontrol the reproduction of the content based on the received controlinformation, the reproduction being included in the use of the contentperformed by the content use unit.

The present configuration makes it possible to securely control aspecific portion of the content without embedding special informationinto the content for the use control.

According to the present invention, the CM viewing by a user can besecurely controlled using secure time information pre-existed in thecontent without embedding the control information for controlling the CMviewing in the content body. Therefore, the present invention can applycontent generated using a general encoder and can reduce cost burdens ona provider. Furthermore, securely binding the content such as when thepreexisted time information is encrypted in the content, the CM viewingby the user can be securely controlled using the time information.

Note that the present invention can be realized not only as a contentreproduction control system but also as a server apparatus and aterminal apparatus that configures the content reproduction controlsystem, a content reproduction control method having characteristicsteps included in the server apparatus and the terminal apparatus, aswell as a program that causes a computer to execute such steps. Here, itis needless to say that such program can be distributed via recordingmedium such as CD-ROM or via a transmission medium such as Internet.

As further information about technical background to this application,the disclosure of Japanese Patent Application No. 2003-378574 filed onNov. 7, 2003 including specification, drawings and claims isincorporated herein by reference in its entirety.

BRIEF DESCRIPTION OF DRAWINGS

These and other objects, advantages and features of the invention willbecome apparent from the following description thereof taken inconjunction with the accompanying drawings that illustrate a specificembodiment of the invention. In the Drawings:

FIG. 1 is a diagram showing a conceptual configuration of a contentreproduction control system 1 as a whole according to the embodiment ofthe present invention.

FIG. 2 is a diagram showing a sketch of an encryption key scheme in acontent distribution based on a server type broadcasting method type I.

FIG. 3 is a functional block diagram showing a detailed configuration ofa right management server 101 a shown in FIG. 1.

FIG. 4 is a diagram showing an example of a structure of a work keymanagement table 400 in a key information DB 301.

FIG. 5 is a diagram showing an example of a structure of a keymanagement table 500 in the key information DB 301.

FIG. 6 is a diagram showing an example of a structure of a userinformation management table 600 in a user information DB 302.

FIG. 7 is a diagram showing an example of a structure of a usage rulemanagement table 700 in a usage rule DB 303.

FIG. 8 is a diagram showing an example of a structure of a contentinformation management table 800 in a content information DB 304.

FIG. 9 is a diagram showing an example of a structure of a main license900.

FIG. 10 is a diagram showing an example of a structure of a sublicense1000.

FIG. 11 is a functional block diagram showing a detailed configurationof a content distribution server 101 b shown in FIG. 1.

FIG. 12 is a diagram showing an example of a structure of a contentattribute information management table 1200 in a content attributeinformation DB 1102.

FIG. 13 is a diagram showing a schema of a structure of a PES packet1300.

FIG. 14 is a diagram showing a schema of a structure of a TS packet1400.

FIG. 15 is a diagram showing a data structure of a control informationtag block 1500.

FIG. 16 is a conceptual diagram showing a method of calculating aPTS1343 a in the beginning of the content.

FIG. 17 is a diagram showing an example of reproduction controlinformation (control information 1503) according to the embodiment ofthe present invention.

FIG. 18 is a diagram showing an example of structures of ECM-Kw1800 andECM-Kc1810.

FIG. 19 is a diagram showing an example of a structure of a Kcdistribution ECM 1900.

FIG. 20 is a diagram showing an example of a structure of the sublicense1000 after inserting to the control information tag block 1500.

FIG. 21 is a functional block diagram showing a detailed configurationof a terminal apparatus 102 shown in FIG. 1.

FIG. 22 is a diagram showing an example of a structure of a datastructure of a UL 2200.

FIG. 23 is a diagram showing an example of a structure of an ELI 2300.

FIG. 24 is a flowchart showing a processing performed for obtaining themain license 900.

FIG. 25 is a flowchart showing a subroutine of a license issuingpermission judgement processing (S2404) shown in FIG. 24.

FIG. 26 is a flowchart showing a processing of generating the sublicense1000 in the right management server 101 a and a processing oftransmitting a work key Kw203, a content key Kc205 and a sublicense1000.

FIG. 27 is a flowchart showing an ECM generation processing and acontent transmitting processing of the content distribution server 101b.

FIG. 28 is a flowchart showing process operations for viewing a contentstored in a content storage unit 2103 in the terminal apparatus 102 by auser.

FIG. 29 is a flowchart showing a subroutine of a content use processing(S2806) shown in FIG. 28.

FIG. 30 is a flowchart showing process operations for time skipping ofthe content while viewing the stored content.

FIG. 31 is a flowchart showing operations for fast-forwarding thecontent (CM section) while viewing the stored content.

FIG. 32 is a flowchart showing operations for previewing the contentwhile viewing the content.

BEST MODE FOR CARRYING OUT THE INVENTION

Hereafter, it explains about the content reproduction control systemaccording to an embodiment of the present invention with references tofigures.

FIG. 1 is a diagram showing a conceptual configuration of a contentreproduction control system 1 as a whole according to the embodiment ofthe present invention.

The content reproduction control system 1 is a system that securelycontrols a reproduction when a user uses in a terminal apparatus anencrypted content to be distributed from a distribution center (that is,a service provider) via a network and the like. As shown in FIG. 1, thesystem has a distribution center 101 that distributes a license and thelike to give permission for a content and a content use, a plurality ofterminal apparatuses 102 a to 102 c (three apparatuses are shown in thediagram) of using the content, and a network 103 such as Internetmutually connecting those.

The distribution center 101 includes a right management server 101 athat manages the right (usage rules) of using the content held by theuser; generates a license of the content; and distributes the license tothe terminal apparatuses 102 a to 102 c, a distribution server 101 bthat distributes the content to the terminal apparatuses 102 a to 102 c,a billing server 101 c that charges the user, a web server 101 d thattransmits a web screen for providing each service to the terminalapparatuses 102 a to 102 c through the network 103, and a LAN 101 nmutually connecting those.

The right management server 101 a is a server apparatus that manages theusage rules of the content held by the user and attaches a license fordecrypting the content encrypted by the user. In specific, the rightmanagement server 101 a manages the usage rules of the contents held byeach user or each terminal apparatuses 102 a to 102 c, and distributes,in response to a request from a user, a license to the terminalapparatuses 102 a to 102 c through the network 103. Also, when apush-type content is distributed through the digital broadcast and abroadband Internet, a license may be distributed together with thecontent so that a generated license is transmitted to the contentdistribution server 101 b.

Here, the license is made of an encryption key for decrypting theencrypted content, and usage rules such as restriction on the contentuse, the number of use and the like. An example of a data structure ofthe license is explained later in detail using figures.

Further, when data such as license to be secured is sent and receivedamong the distribution center 101 and the terminal apparatuses 102 a to102 c via the network 103, a Secure Authenticated Channel (hereafteralso referred to as “SAC”) such as a Secure Socket Layer (SSL) and aTransport Layer Security (TLS) is set and data is sent and received.

The content distribution server 101 b is a server apparatus thatdistributes the content to the terminal apparatuses 102 a to 102 cthrough the network 103, the server being realized by a specifichardware, a work station or the like. In specific, the contentdistribution server 101 b is digitally compressed by a compressionmethod such as MPEG-2 and MPEG-4, if necessary, encrypted by a commonkey encryption algorithm such as Advanced Encryption Standard (AES) andTriple Data Encryption Standard (DES), and distributes the encryptedcontent by streaming or downloading.

In particular, in a server-type broadcasting method in a digitalsatellite broadcasting and a terrestrial broadcasting, a method ofdistributing a stream-type content which can be commonly used for a realtime viewing and a stored viewing is standardized and called asserver-type broadcasting method type I, the stream type contentmultiplexing the contents of MPEG-2 and MPEG-4 (Elementary Stream,hereafter referred to as ES) by a Packetized Elementary Stream (PES) anda Transport Stream (TS).

Here, it is briefly explained about an encryption key scheme in acontent distribution based on the server-type broadcasting method typeI.

FIG. 2 is a diagram showing a sketch of the encryption key scheme.

Here, a sending side of distributing the content and the encryption keyand receiving side of receiving the content and the encryption key areseparately explained.

Firstly, on the sending side, the content is encrypted (202) with anencryption key called a scramble key Ks201, that is, scrambled, and sentto the receiving side. As for the scramble of the content, a payload ofa TS packet is scrambled by each MPEG-2 TS packet as a unit. Also, thescramble key Ks201 is a time variant key which is changed for every fewminutes in order to improve security against an illegal reception.

In addition, the scramble key Ks201 for scrambling the content isencrypted (204) with a work key Kw203 and sent to the receiving side.The work key Kw203 is an encryption key assigned for each group,contract with each broadcasting agency used in the conventional commonlimited receiving method. In order to secure the work key Kw 203 itself,in general, it is updated for every few months to few years. A datastructure for sending information relating to the content including thescramble key Ks201 at least is called an Entitlement Control Message(ECM) and structured as a private section of the MPEG-2 systems. The ECMencrypted with the work key Kw203 is called ECM-Kw and used for the realtime viewing of the broadcast content.

The scramble key Ks201 for scrambling the content is also encrypted(204) using a content key Kc205 and sent to the receiving side. Thecontent key Kw205 is an encryption key assigned for each content andstructured as a private section of the MPEG-2 systems similar to theECM-Kw. The ECM encrypted with the content key Kc205 including thescramble key Ks201 at least is called as ECM-Kc and used for a storedviewing of the broadcast content.

Further, the content key Kc205 is encrypted with the work key Kw203 andtransmitted to the receiving side. The ECM encrypted with the work keyKw203 including the content key Kc205 at least is called a Kcdistribution ECM and used for a stored viewing of the broadcast content.The Kc distribution ECM is structured as a private section of the MPEG-2Systems similar to the ECM-Kw and the ECM-Kc.

Note that, an example of data structures of ECM-Kw, ECM-Kc, Kcdistribution ECM are explained later in detail with reference tofigures.

The encrypted content generated as described above, ECM-Kw, ECM-Kc, andKc distribution ECM are packeted in the MPEG-2 TS, and sent to thereceiving side after being multiplexed (207) with data such as ProgramSpecific Information (PSI) and Service Information (SI) if necessary.

On the other hand, on the receiving side, the MPEG-2 TS packet in whichthe encrypted content, the ECM-Kw, the ECM-Kc and Kc distribution ECMare multiplexed is received and separated (210) in order to respectivelyobtain the encrypted content, the ECM-Kw, the ECM-Kc, and the Kcdistribution ECM.

When the content is viewed at real time, the ECM-Kw is obtained; theECM-Kw is decrypted (212) with the work key Kw203 previously held at thereceiving side; and the scramble key Ks201 is obtained. Accordingly, theencrypted content is decrypted (213) and the content use is allowed.Note that, the ECM-Kw is used only at the real time viewing so that itis not necessarily to be stored in a storage unit which is not shown inthe diagram.

On the contrary, at the stored viewing, the encrypted content, theECM-Kc, the Kc distribution ECM stored in the storage unit (not shown inthe diagram) are readout. The Kc distribution ECM is decrypted (214)with the work key Kw203 and the content key Kc205 is obtained. Then, theECM-Kc is decrypted (212) with the content key Kc205; the encryptedcontent is decrypted (213) and the content use is allowed.

Note that the ARIB STD-B25 version 4.1 describes, in addition to theabove description, a method for sharing the work key Kw203 at thesending and receiving sides. However, in the present embodimentaccording to the present invention, it explains about a case where a SACis established between the sending side and the receiving side and thework key Kw203 is shared through communication. As described in the ARIBSTD-B25 version 4.1, using a data structure called EntitlementManagement Message (EMM), the work key Kw203 may be shared between thesending side and the receiving side by distributing the work key Kw 203through the broadcasting. In this case, in order to prevent the EMM tobe listened, it is distributed by encrypting with a specific key foreach receiving terminal called master key. The master key is anencryption key previously held in the sending and receiving sides. Onthe receiving side, it is managed in a secure place in the terminalapparatus 102 or shipped by being written previously in a module withhigh anti-tamper characteristic called security module and used byinserting the security module into the terminal apparatus 102.

Also in here, in order to store the Kc distribution ECM encrypted withthe work key Kw203 into a storage unit (not shown in FIG. 2), an exampleof storing the Kc distribution ECM without an encryption transformationis described for a concise explanation. However, for a regular or anirregular update of the work key Kw203, an encryption transformation forthe Kc distribution ECM may be performed using an encryption key (groupkey) shared previously among the plurality of terminal apparatuses orthe master key specific to the terminal apparatus 102.

Hereafter, based on an encryption scheme on the basis of the server-typebroadcast method type I, the content reproduction control system 1according to the embodiment of the present invention is explained.

Back to FIG. 1, in order to further reproduce and control the content inthe terminal apparatuses 102 a to 102 c, the content distribution server101 b generates reproduction control information for reproducing andcontrolling a specific part of the content based on attributeinformation previously set to the content and distributes the generatedcontrol information to the terminal apparatuses 102 a to 102 c togetherwith the ECM.

The billing server 101 c is a server apparatus for billing on line whenpurchasing usage rules of the content and the like via the Internet andthe like. In specific, the billing server 101 c charges and makes apayment using a credit card or, based on the records of purchasesuploaded from the terminal apparatuses 102 a to 102 c via the network103, by registering in advance a user's bank account number to thebilling server 101.

The web server 101 d provides a content purchasing screen for accessingeach service from the terminal apparatuses 102 a to 102 c by a user. Inspecific, through the Internet using a protocol such as HTTP, the webserver 101 d provides a web page written in a script language such asHyper Text markup Language .(HTML) and Extensible Markup Language (XML)and a page written in Broadcasting Markup Language (BML) in a digitalbroadcast.

The LAN 101 n is a network for mutually connecting, in the distributioncenter 101, a right management server 101 a, a content distributionserver 10 b, a web server 101 d, and a billing server 101 c. Forexample, it can be realized using a cable network such as IEEE802.3 or awireless network such as IEEE802.11b.

The network 103 is a network mutually connecting the distribution center101 to the terminal apparatuses 102 a to 102 c. For example, the network103 is a communication network such as Internet, a digital broadcasting,or a composed network thereof.

The terminal apparatuses 102 a to 102 c are a terminal apparatus havinga function of connecting to the network 103, and a monitor screen onwhich the user uses the content, the terminal apparatus being used forwriting the content into the recording media. In specific, the terminalapparatuses 102 a to 102 c are a Set Top Box (STB) for receiving thedigital broadcast, a content display apparatus such as a digital TV, aDigital Versatile Disc (DVD) recorder, a HDD recorder, a PersonalComputer (PC), a recorder or a composed apparatus thereof.

In the content reproduction control system 1 configured as describedabove, the following processing is explained in detail, the processingof distributing the content and the license through the network 103 suchas a digital broadcast and a broadband Internet and viewing the contentbased on the license and the reproduction control information in theterminal apparatuses 102 a to 102 c. Note that, hereafter, the terminal102 a is used as a representative of the terminal apparatuses 102 a to102 c and explained as a terminal apparatus 102.

FIG. 3 is a functional block diagram showing a detailed configuration ofthe right management server 101 a shown in FIG. 1.

The right management server 101 a is mainly composed of a database unit300 realized by data files stored in a HDD and the like and a licenseprocessing unit 310 realized by a program and the like executed using ahardware such as system LSI, or CPU, RAM, and ROM.

The database unit 300 has key information DB 301, user information DB302, usage rules DB 303, content information DB304 and the like.

The key information DB 301 is a database managing a work key Kw203 givenby signing for a service between the user and a service provider and acontent key Kc 205 assigned for each content for stored viewingrespectively in a work key management table and in a content keymanagement table. It is used when the content distribution server 101 bgenerates the ECM-Kw, the ECM-Kc, and the Kc distribution ECM, toprovide the work key Kw 203 and the content key Kc 205, and when theterminal apparatus 102 requests the license including the work key Kw203, to search the work key Kw 203 in compliance with the contract(contract ID) of the user.

FIG. 4 is a diagram showing an example of a structure of the work keymanagement table 400 included in the key information DB 301.

As shown in FIG. 4, the work key management table 400 has each fields ofan contract ID 401, a work key ID 402 and a work key Kw 203 and managesa pair of the work key ID 402 with the work key Kw 203 corresponding tothe contract ID 401.

For example, in FIG. 4, the work key ID 402 corresponding to thecontract ID 401 of “CONTRACT-ID-00001” is “Kw-ID-00001” and the pairedwork key Kw 203 is “0x2340685345310911”. Here, the contract ID 401indicates a type of a contract pattern toward a service provided by theprovider. For example, it is a “sports content pack” that can viewcontents relating to sports, a ““movie content pack” that can view moviecontents and the like. However, it is allowed to identify the contractID 401 with usage rules set in the license and include the contract IDas an item of the ECM by assigning the work key Kw 203 to each serviceprovider, but not by assigning the work key Kw 203 to each contract ID.The work key ID 402 is information used for identifying the work key Kw203 which has encrypted the ECM.

FIG. 5 is a diagram showing an example of a structure of the content keymanagement table 500 included in the key information DB 301.

As shown in FIG. 5, the content key management table 500 has each fieldof a content ID 501 for uniquely identifying the content in the contentreproduction control system 1 and the content key Kc 205 correspondingto the content ID 501, and manages the content key Kc using the contentID as a key.

For example, the content key Kc205 for decrypting the encrypted contentwith the content ID of “CONTENT-ID-00001” is shown as“0x1234567890abcdef”.

The user information DB 302 is a database having a user informationmanagement table for managing information related to users. It is usedto associate the terminal apparatus 102 accessing to the rightmanagement server 101 a with a user holding usage rules managed in theusage rule DB 303.

FIG. 6 is a diagram showing a structure of an example of a userinformation management table 600 included in the user information DB302.

As shown in FIG. 6, the user information management table 600 has eachfield of a user ID 601 for uniquely specifying a user in the contentreproduction control system 1 and a terminal ID 602 for uniquelyspecifying the terminal apparatus 102 in the content reproductioncontrol system 1, and manages the user ID and the terminal ID.

For example, in FIG. 6, it is shown that a user with the user ID 601 of“USER-ID-00001” has the terminal apparatus 102 with the terminal ID 602of “TERMINAL-ID-00001”. Also, a user with the user ID 601 of“USER-ID-00002” has two terminal apparatuses 102 with the terminal IDs602 of “TERMINAL-ID-12345” and “TERMINAL-ID-54321”, indicating that bothterminal apparatuses 102 can access to the right management server 110a.

Note that, a data registration to the user information DB 302 isperformed when the user registers for a membership to receive servicesprovided by the service provider. The membership registration processingmay be performed online at the distribution center 101 and the terminalapparatus 102 by the user through a membership registration screenprovided by the web server 101 d via the network 103. Also, it may beperformed offline using a post card for the member registration. In themember registration processing, the service provider firstly assigns auser ID 601 to the user. After that, the terminal ID 602 of the user'sterminal apparatus 102 is notified by the service provider online oroffline. Therefore, the user ID 601 and the terminal ID 602 areassociated with each other and registered in the user informationmanagement table 600 of the user information DB 302. After the abovementioned membership registration processing, the user information DB302 is constructed.

The usage rules DB 303 is a database managing usage rules regarding thecontract between each user and the provider using the usage rulesmanagement table. Responding to a license obtainment request from theterminal apparatus 102, it judges whether or not the user satisfies theusage rules and the license is generated when the usage rules aresatisfied.

FIG. 7 is a diagram showing an example of a structure of a usage rulemanagement table 700 included in the usage rules DB 303.

As shown in FIG. 7, the usage rule management table 700 has each fieldof a user ID 701 for uniquely identifying a user in the contentreproduction control system 1 and indicating the owner of the usageconditions, a usage rule ID 702 for identifying the usage rules held bythe user identified by the user ID 701, a contract ID 703 for uniquelyidentifying a contract pattern of the user in the content reproductioncontrol system 1, a validity period 704 indicating a starting date and atermination date specified by the contract ID 703, a issuing permissionremaining times 705 indicating the number of remaining times ofpermitted issuing of a license in compliance with the contract patternindicated by the contract ID 703, and manages the user's usage rulesusing the user ID as a key.

For example, a user with the user ID 701 of “USER-ID-00001” has usagerules with the usage rule ID 702 of “URUs-ID-00001”. The usage rulesshown as “URUs-ID-00001” is a contract between the user and the providerindicated by the contract ID 703 of “CONTRACT-ID-00001” whose validityperiod 704 is 2003/12/31˜2004/1/30” and the number of remaining times ofpermitted issuing of a license is “1” time as shown in the number ofremaining issuing permission times 705. Also, the user with the user ID701 of “USER-ID-00002” has two usage rules ID 702 of “URUs-ID-00002” and“URUs-ID-10011”. Among them, the usage rule “URUs-ID-00002” is a usagerule toward the contract pattern with the contract ID 703 of“CONTRACT-ID-13452” whose validity period 704 is “2003/12/1˜2004/12/31”and the number of remaining issuing permission times 705 is “1”, whichindicates that a license having the validity period can be issued oncemore. Also, the usage rules of “URUs-ID-10011” is usage rules of thecontract pattern with the contract ID 703 of “CONTRACT-ID-99999” whosevalidity period 704 is unlimited (∞) and the number of remaining issuingpermission times 705 is three times.

The content information DB 304 is a database having a contentinformation management table storing usage rules for each content and isused for generating a license (a sublicense to be described later) setfor each content.

FIG. 8 is a diagram showing an example of a structure of a contentinformation management table 800 included in the content information DB304.

As shown in FIG. 8, the content information management table 800 haseach field of a content ID 801 for uniquely identifying a content in thecontent reproduction control system 1, a license ID 802 for uniquelyidentifying a license in the content reproduction system 1, a validityperiod 803 indicating a validity period of the license, and a usepermission times 804 indicating the number of times available for usingthe license, and manages the content usage rules using the content ID asa key.

For example, in FIG. 8, it is shown that the content with the content ID801 of “CONTENT-ID-00001” has the license ID 802 of “LICENSE-ID-00001”whose validity period 803 is “2003/12/31˜2004/1/30” and the useavailability times 804 is “∞ (unlimited)”. These values are set in thesublicense.

Next, it is explained in detail about each unit of the licenseprocessing unit 310.

The license processing unit 310 is composed of a license issuing unit311 and a server communication unit 312 as shown in FIG. 3.

The license processing unit 311 is a unit for generating a license (amain license to be described later) for the user in response to alicense issuing request from the terminal apparatus 102. Additionally,in order to send the content key Kc 205 to the terminal apparatus 102together with the content via the digital broadcasting, the licenseissuing unit 311 issues a license (a sublicense described later)including the content key Kc 205 and sends to the content distributionserver 101 b.

In specific, the license issuing unit 311 receives a license issuingrequest from the terminal apparatus 102 and generates a licensecorresponding to the user's contract after judging whether or not thelicense issuing request satisfies user's usage rules using the userinformation DB 302 and the usage rules DB 303. A license that is issuedfor the user's contract and applicable to a plurality of contentscorresponding to the contract is called a main license, which includesthe work key Kw203 shown in FIG. 2.

On the other hand, the license sent to the content distribution server101 b is a license issued for single content and is called a sublicense.The sublicense includes the content key Kc205 shown in FIG. 2 andencrypted with the work key Kw203. Also, the sublicense is set to theECM in the content distribution server 101 b and sent to the terminalapparatus 102. Therefore, in order to use a content to which thesublicense is assigned, it is necessary to obtain a main license towhich the work key Kw203 has been encrypting the sublicense.

The server communication unit 312 is a unit for communicating with theterminal apparatus 102 through the network 103.

Here, it explains in detail about the main license and the sublicensegenerated by the license issuing unit 311.

FIG. 9 is a diagram showing an example of a structure of the mainlicense.

As shown in FIG. 9, a main license 900 is made of a license header 901,an action tag block 902, an encryption key tag block 903, and a licensefooter 904.

The license header 901 includes a group of contents whose use arepermitted by the main license 900, that is, a contract ID foridentifying a type of a subscription (contract) and a validity period(validity of the contract ) of the main license 900. The action tagblock 902 indicates usage rules relating to a reproduction of a contentand a copying into the recording media. The encryption key tag block 903includes the work key Kw203 for decrypting the encrypted content keyKc205. The license footer 904 is a hash value for detecting an unfairalternation of the main license 900.

More in detail, the license header 901 is made of a license identifier911 for identifying the main license 900, the license ID 912 which is anidentifier for uniquely specifying the main license 900 for each userand system, a license size 913 showing a data length of the main license900 as a whole, and a license validity period 914 indicating a period oftime when the main license 900 is available.

The action tag block 902 more in detail includes an action ID 921 forspecifying an action such as “play”, “copy”, or “print” by the user tothe content and a usage rule for use unit 922 indicating a usage ruleunique to a unit which reproduces, copies and the like the content.Here, the usage rule for use unit 922 is a usage rule depending on atype and a performance by a content use unit providing a function ofusing the content. For example, it includes specifying an audio channelof a movie content (can be reproduced at 5.1 ch or at 2 ch), resolvingthe movie content, specifying the size, and the like.

In the encryption key tag block 903, more in detail, the work key Kw203is set at a binary value and is used for decrypting ECM including thesublicense such as ECM-Kw and Kc distribution ECM.

The license footer 904, more in detail, detects an unfair alternationand secures the correctness when the main license 900 is stored in anon-secure region such as a hard disk. It calculates a hash value of anarea where the alternation of the main license 900 needs to be preventedand manages the calculation result every time when the content of themain license 900 is updated. The hash value needs to be managed in anarea that is anti-tampered. As a specific hash algorithm, Secure HashAlgorithm 1 (SHA-1), SHA-256 and the like can be used.

FIG. 10 is a diagram showing an example of a structure of thesublicense.

Similar to the main license 900, the sublicense 1000 is made of alicense header 1001, an action tag block 1002, an encryption key tagblock 1003, and a license footer 1004. Also, the license header 1001 hasa license identifier 1011, a license ID 1012, a license size 1013, avalidity period 1015, and further a content ID 1014. The action tagblock 1002 has a counter 1022 in addition to an action ID 1021 and theusage rule for use unit 1023.

Compared to the main license 900, the sublicense 1000 specifies singlecontent with which the sublicense 1000 permits the use so that it canset the content ID 1014 in the license header 1001. The action tag block1002 has the counter 1022 indicating a usage rule such as the number oftimes permitted for reproducing the content and copying into therecording media. Also., in the encryption key tag block 1003, thecontent key Kc205 for decrypting the ECM-Kc is set in the binary value.Since other items in the sublicense 1000 are same as in the main license900, the explanations about other items are omitted in here. Note thatin the case where there are same items in the main license 900 and inthe sublicense 1000, a value set in the sublicense 1000 is applied.However, it may determine which license to prioritize according to anoperation.

Next, it is explained in detail about a configuration of a contentdistribution server 101 b.

FIG. 11 is a functional block diagram showing a detailed configurationof the content distribution server 101 b shown in FIG. 1.

The content distribution server 101 b is an apparatus that outputscontents such as MPEG-2 and MPEG-4 in a format of a MPEG-2 TS packet.The apparatus includes a content DB 1101, a content attributeinformation DB 1102, a timer unit 1103, a time information attachmentunit 1104, a content encoding unit 1105, a reproduction controlinformation generation unit 1106, an ECM generation unit 1107, a contentmultiplex unit 1108, a content encryption unit 1109, a content deliveryunit 1101 and the like.

The content DB 1101 is a database for storing contents. In specific, thecontent DB 1101 is, for example, a Video Cassette Recorder (VCR) storinga movie, a documentary and the like, or a video camera for shootingvideo and audio for live broadcast.

The content attribute information DB 1102 is a database having a contentattribute information management table for storing various informationrelated to a content such as a content title, information aboutstructure within the content and the like.

FIG. 12 is a diagram showing an example of a structure of a contentattribute information management table 1200 included in the contentattribute information DB 1102.

As shown in FIG. 12, the content attribute information management table1200 has each field of a content ID 1201 for uniquely identifying acontent in the content reproduction control system, a content title 1202indicating a name of a content, a preview permitted section 1203indicating a time range during which a preview is permitted beforepurchasing the content when the content is Pay Per View (PPV) typecontent, and a CM section 1204 indicating a CM section included in thecontent and manages various information relating to the content usingthe content ID as a key.

For example, the content with the content ID 1201 of “CONTENT-ID-00001”has attributes of the content title 1202 of “Inoue Tetsuya NEWS 23”, andthe preview permitted section 1203 is “0 min. ˜10 min.” as a relativevalue from the beginning of the content, and the CM section 1204 is “5min. ˜8 min.”, “20 min. ˜25 min.” and “40 min. ˜43 min.” as relativevalues from the beginning of the content. Also, the content ID 1201 of“CONTENT-ID-00002” whose content title 1202 is “product X” has differentattributes of the preview permission section for the real time viewing(0 min. ˜10 min.) and the preview permission section for the storedviewing (5 min. ˜10 min., 20 min. ˜30 min. etc) and a content attributesuitable for a characteristic of the stored viewing is determined.Further, since the content does not include CM, the CM section 1204 isindicated as “−(no CM)”. Note that, the content in which the previewpermission section 1203 is not set indicates that the preview is notpermitted. Also, the content in which the CM section 1204 is not setindicates that a part where special reproduction is not prohibited inthe content since the content does not include CM. Whereas the part isspecified with precision by a minute time in here, it is needless to saythat it may be specified with precision by a second time.

The timer unit 1103 is a unit that outputs time which becomes a basis inthe content distribution server 101 b. Specifically, the timer unit 1103generates a standard time of 42 bit with an accuracy of 27 MHz calledSystem Time Clock (STC) and supplies to the time information attachmentunit 1104.

The time information attachment unit 1104 obtains time information fromthe timer unit 1103 and attaches it to the content encoding unit 1105.In specific, the time information attachment unit 1104 obtains a valueof STC from the timer unit 1103 and attaches, to the content encodingunit 1105, according to a regulation of the MPEG-2 Systems, a time stampfor Presentation Time Stamp (PTS) and Decoding Time Stamp (DTS) with anaccuracy of 700 ms at least. Also, according to the regulation of MPEG-2Systems, a time stamp for a Program Clock Reference (PCR) with anaccuracy of 100 ms at least is attached.

In here, it is explained as an example that the timer unit 1103 and thetime information attachment unit 1104 are set outside the contentencoding unit 1105 which is explained next. However, they may be setinside the content encoding unit 1105.

The content encoding unit 1105 is a unit reading a content to betransmitted to the terminal apparatus 102 and encoding the content in aMPEG format.

In specific, the content encoding unit 1105 is a real time encodergenerating a MPEG stream, which reads video, audio and the like from thecontent DB 1101 according to an instruction from an upper system (e.g. aprogram operation management system etc.) and generates ES of the MPEG-2and the MPEG-4 of the video, audio, and the like. Further, it generatesa PES packet including these ES, lastly TS-packeted and transmitted tothe content multiplex unit 1108.

Here, it is explained about a scheme of a structure of the PES packet.

FIG. 13 is a diagram showing the scheme of the structure of the PESpacket.

As shown in FIG. 13, the PES packet 1300 is made of a Packet Start CodePrefix 1310 which is a code indicating a start of the PES packet, aStream ID 1320 indicating a type of data such as audio and videoincluded in the PES, a PES Packet Length 1330 indicating data length ofthe PES packet 1300, an Optional PES Header 1340 which is an optionalPES header, a Stuffing Bytes 1350 which is a stuffing, a PES Packet DataBytes 1360 in which data (ES) such as audio and video are set.

The Optional PES Header 1340 includes elements of “10” field 1341, a PESHeader Data Length 1342 and an Optional Fields 1343. Also, the OptionalFields 1343 includes elements of a PTS 1343 a, a DTS 1343 b, an ESCR1343 c and a PES Extension 1343 d. Further, the PES Extension 1343 dincludes elements of 5flags 1380, PES Private Data 1381, and a PESExtension Field 1382.

FIG. 14 is a diagram showing a scheme of a structure of a TS packet.

The TS packet 1400 is made of a TSP Header 1410, an Adaptation Field1420, and a TSP Payload 1430.

The TSP Header 1410 is a header of the TS packet 1400 including a PacketID (PID) for specifying a code indicating the start of the TS packet1400 and a type of data set in the TS packet, atransport_scrambling_control which is a flag indicating whether or notpayload of the TS packet (a TSP Payload 1430 to be described later) isencrypted, and the like.

The Adaptation Field 1420 is used as an option, in which timeinformation and private data can be set.

The Adaptation Field 1420 includes elements of a Length 1421, aDiscountinuity Indicator 1422, a PCR_Flag 1424, Optional Fields 1425 andStuffing Bytes 1426. Also, the Optional Fields 1425 includes elements ofa PCR 1425 a, an OPCR 1425 b, a Splice Countdown 1425 c, a Private DataLength 1425 e, an Adaptation Field Extension Length 1425 f, Flags 1425 gand Optional Fields 1425 h.

The TSP Payload 1430 is a payload in which the TS packet 1400, PSI/SIand the like are set.

Note that, it is described in detail about the PES packet and the TSpacket in the MPEG-2 Systems in ISO/IEC 13818-1 which is aninternational standard.

Next, it is explained about time information set by the content encodingunit 1105 using the PES packet explained in FIG. 13 and the TS packet1400 explained in FIG. 14.

When the PES packet 1300 is generated using the time informationobtained from the time information attachment unit 1104, that is, thevalue of STC, the content encoding unit 1105 attaches the PTS 1343 a andthe PTS 1343 b that are elements of the Optional Fields 1343 in theoptional header 1340 to the PES packet 1300. Note that, the PTS 1343 ais information indicating time when video and audio included in the PESpacket are displayed on the terminal apparatuses 102 a to 102 c.Further, the DTS 1343 b is information indicating time when the videoand audio included in the PES packet 1300 are decoded.

The. PTS 1343 a and the DTS 1343 b are set in an appropriate PES packet1300 in order for each PES packet to be decoded and displayed certainlyin the terminal apparatuses 102 a to 102 c when the PTS 1343 a and theDTS 1343 b agree with STC held in the terminal apparatuses 102 a to 102c.

When generating the TS packet 1400, the content encoding unit 1105attaches a PCR 1425 a which is an element in the Optional Fields 1425 ofthe Adaptation Field 1420 in the TS packet 1400 using a value of timeinformation (STC) obtained from the time information attachment unit1104. Using the PCR 1425 a, the terminal apparatuses 102 a to 102 c canreproduce a standard clock (STC) synchronous to STC of the transmissionapparatus, the standard clock being a standard for synchronizing aplurality of ES (video, audio, data etc.).

Hereafter, return to FIG. 11, it is continuously explained about aconfiguration of the content distribution server 101 b.

The reproduction control information generation unit 1106 is a unitgenerating information for controlling a reproduction of a specific partof content. In specific, the reproduction control information generationunit 1106 i) obtains the preview permission section 1203 and the CMsection 1204 of a content corresponding to the content delivered fromthe content distribution server 101 b from the content attributeinformation management table 1200 managed by the content attributeinformation DB 1102 and ii) generates the preview control informationand the CM skip control information respectively corresponding asreproduction control information. In order to set the reproductioncontrol information in the sublicense 1000 generated by the rightmanagement server 101 a, the control information tag block which has aformat settable in the sublicense 1000 is generated and the reproductioncontrol information is set in the control information tag block.

FIG. 15 is a diagram showing a data structure of the control informationtag block.

As shown in FIG. 15, the control information tag block 1500 is made of acontrol information tag value 1501 indicating that the tag block is thecontrol information tag block 1500, a control information length 1502indicating a size of the control information tag block 1500, and controlinformation 1503 indicating reproduction control information such aspreview control information and CM skip control information. The controlinformation 1503 includes a number of control information 1510indicating a number of pieces of reproduction control informationincluded in the control information 1503, a control ID 1511 indicatingreproduction control contents, a control expiration 1512 indicating anexpiration of the reproduction control, the number of control times 1513indicating the number of controlling the reproduction, and a controlrange 1514 specifying a portion of the content to be reproduced andcontrolled using time information attached to the content. Further, thecontrol range 1514 specifies the portion of the content to be reproducedand controlled using a pair of the control start time (1521, 1523) andthe control end time (1522, 1524). Also, a plurality of the pairs of thecontrol start time and the control end time included in the controlrange 1514 is possibly set. Therefore, it shows a number of pairs of thecontrol start time and the control end time set in the control range1514 as a number of time information control times 1520.

Herein, the preview permission section 1203 and the CM section 1204 inthe content attribute information management table 1200 are relativetime from the beginning of the content. Therefore, it is necessary toconvert them into a value using time information (PTS1343 a) actuallyattached to the content. The PTS 1343 a is a clock value with 90 KHz sothat it can be converted to a relative time based on the PTS 1343 a fromthe beginning of the content by dividing the relative time with 90000from the beginning of the content. Further, by obtaining a value of thePTS 1343 a in the beginning of the content, the preview permissionsection and the CM skip control section can be expressed using the PTS1343 a attached to the content. The pair of the control start time andthe control end time to be set in the control range 1514 is set as timeinformation using the PTS 1343 a.

By the way, reproduction control information including the control range1514 is set in the sublicense 1000, further set in the ECM anddistributed to the terminal apparatus 102 from the content distributionserver 101 b. Herein, a seamless reproduction of sequential contents isrealized in the terminal apparatus 102 so that the ECM is delivered justbefore the content actually starts. Therefore, it is necessary togenerate the reproduction control information before coding anddelivering the content so that, in the generation of the reproductioncontrol information, the PTS 1343 a in the beginning of the contentneeds to be obtained by calculation.

FIG. 16 is a conceptual diagram indicating a method of calculating thePTS 1343 a in the beginning of the content. Note that, FIG. 16 shows anexample in the case where the distribution of the content starts at timet2 from the content distribution server 101 b to the terminal apparatus102.

As described above, the content distribution server 101 b needs todistribute the ECM at the time as long as β (time t1) before thedelivery of the content is started. Herein, a timing of generating thereproduction control information (time t0) needs to be determinedconsidering the amount of time α required for generating thereproduction control information and the ECM. Here, α is described as atotal of time A to time D. As specific values of the time A to time D:the time A is time required for obtaining a value for the PTS at thetime t0 from the content encoding unit 1105; the time B is time forcalculating a value for the PTS in the beginning of the content; thetime C generates the-reproduction control information and time requiredto be set in the sublicense 1000; and the time D is time required forgenerating the ECM and encrypting with the work key Kw203 and thecontent key Kc205. That is, the value of the PTS 1343 a at the startingtime of the content delivery (PTS 1343 a in the beginning of thecontent) can be calculated as a value of adding time α and time β to thevalue of PTS 1343 a obtained from the content encoding unit 1105 at timet0.

In here, it shows an example in the case where the values of the PTS1343 a calculated at the control start time and the control end time areset as the control range 1514. However, it can be set the value of thePTS 1343 a in the beginning of the content separately to thereproduction control information and the like by setting a relative timefrom the beginning of the content using the value of the PTS 1343 a asthe control range 1514. Accordingly, the amount of calculation of thetime information in the generation processing of the reproductioncontrol information (relevant to the time C described above) can bereduced-.

FIG. 17 shows an example of the reproduction control information(control information 1503) generated as above described. Hereafter, itis explained with references to FIG. 15 and FIG. 17.

In FIG. 17, a number of control information 1510 is “2” (1701), asdescribed later, which is composed of two information of information fora preview control and information for a CM skip control.

As the first information, it is shown that the control ID 1511 is“preview permitted” (1702), the control expiration 1512 is “2004/9/14”(1703), the number of control times 1513 is “1 time” (1704), the controlrange 1514 is “1. 10000˜100000” (1705, 1706). Therefore, as the previewcontrol relating to the content, it is indicated that a part with thePTS 1343 a value of 1000 to 100000 is allowed to be previewed once apart where the preview is allowed until the period of time 2004/9/14.Here, as for the number of control times 1513, it is realized byrecording the PTS 1343 a of the reproduced content part as a viewingrecords and managing how many times the part are viewed when the contentis used in the terminal apparatus 102.

As the second information, it is shown that the control ID 1511 is“special reproduction unavailable” (1711), the control expiration 1512is “2004/7/6” (1712), the number of control times 1513 is “3 times”(1713), the control range 1514 is “2. 20000˜100000” (1714, 1715) and““500000˜1000000” (1716, 1717) and the like. Therefore, as a specialreproduction control relating to the CM part of the content, it is shownto control a part with the PTS1343 a value of 20000 to 100000 and 500000to 1000000 as a part where the CM skipping is not permitted at threetimes by a normal reproduction.

The control information tag block 1500 including the reproductioncontrol information generated as above described is set in thesublicense 1000 and further set in the ECM so that it is sent to the ECMgeneration unit 1107. Note that, an ID of the license which set thereproduction control information may be set in the reproduction controlinformation in order to clearly identify which reproduction controlinformation corresponds to which license.

Hereafter, return again to FIG. 11, it is continued explaining about theconfiguration of the content distribution server 101 b.

The ECM generation unit 1107 is a unit generating an ECM including thescramble key Ks201 and the sublicense 1000. In specific, the ECMgeneration unit 1107 receives, from the right management server 101 a,the work key Kw203 and the content key Kc205, the sublicense 1000 andreceives, from the reproduction control information generation unit1106, the control information tag block 1500. Then, according to aninstruction sent from the ECM generation unit 1107 and an upper system,the ECM-Kw, the ECM-Kc, and the Kc distribution ECM are generated; thescramble key Ks201 generated by the scramble key generation unit (notshown in FIG. 11) for a content is set; the control information tagblock 1500 is inserted into the sublicense 1000 and set as the Kcdistribution ECM. Further, the ECM generation unit 1107 encrypts thegenerated each ECM with the work key Kw203 and the content key Kc205 andsends the generated ECM to the content multiplex unit 1108. Also, theECM generation unit 1107 sends the generated scramble key Ks201 to thecontent encryption unit 1109 which encrypts the content.

Here, it is explained in detail about the data structure of the ECM-Kw,the ECM-Kc, and the Kc distribution ECM data.

FIG. 18 is a diagram showing an example of a data structure of the ECMwhich mainly transmits the scramble key Ks210. In the terminal apparatus102, the format of an ECM-Kw1800 encrypted with the work key Kw203 forthe real time viewing and the format of an ECM-Kc1810 encrypted with thecontent key Ks205 for the stored viewing are same and only theencryption keys (the work key Kw203 and the content key Ks205) forencrypting the content differ.

The ECM-Kw1800 and the ECM-Kc1810 shown in FIG. 18 are information usedfor transmitting the scramble key Ks201 and information relating to thecontent, including a provider ID 1802, a work key ID 1803, a content ID1804, a scramble key Ks201, a content related information 1806, and analternation detection 1807. Also, in order to multiplex into a transportstream in a private section format of the MPEG-2 systems, a sectionheader 1801 and a section tailer (error detection) 1807 are attached tothe ECM-Kw1800 and the ECM-Kc1810.

The provider ID 1802 is a code for identifying a provider who provides aservice in the content reproduction control system 1, which is referredtogether with the work key ID 2803 to be described next.

The work key ID 1803 is information for identifying the work key Kw203for encrypting the ECM, which is set to a non-encryption part of theECM. When the encrypted ECM is decrypted, with reference to the work keyID 1803, it can be judged which work key Kw203 should be used fordecrypting the ECM.

The content ID 1804 is an identifier assigned for each content and isused for uniquely identifying the content in the content reproductioncontrol system 1.

The scramble key Ks201 is an encryption key for encrypting a payload inthe TS packet 1400 of the content (TSP-Payload1430). In general, aplurality of encryption keys are set to the scramble key Ks201 in orderfor the terminal apparatus 102 to reduce the amount of time required forobtaining the scramble key Ks201 to be changed for every few seconds.

The content related information 1806 is a variable length data to whichinformation indicating an attribute of the content and the like isattached when it is necessary.

A hash value for detecting an unfair alternation of the ECM to beencrypted is set to the alternation detection 1807.

FIG. 19 is a diagram showing an example of a data structure of the Kcdistribution ECM which mainly transmits the content key Kc205 fordecoding the ECM-Kc1810 for the stored viewing.

As shown in FIG. 19, the Kc distribution ECM 1900 is information usedfor transmitting the content key Kc205 and the sublicense 1000,including a provider ID 1902, a work key ID 1903, a sublicense 1000, andan alternation detection 1904. The content key Kc205 and the content IDare included in the sublicense 1000. Also, similar to the ECM-Kw 1800and the ECM-Kc 1810, a section header 1901 and a sector tailer 1905(error detection) are attached to the Kc distribution ECM 1900.

The similar explanations could be provided for the provider ID 1902, thework key ID 1903, and the alternation detection 1904 as for the providerID 1802 in the ECM-Kw 1800 and the ECM-Kc 1810, the work key ID 1803 andthe alternation detection 1808. Therefore, those explanations areomitted in here.

Also, as for the sublicense 1000 in the Kc distribution ECM 1900, asshown in FIG. 20, it has a data structure which the control informationtag block 1500 obtained from the reproduction control informationgeneration unit 1006 is inserted to the sublicense 1000 obtained fromthe right management server 101 a. Each item of the sublicense 1000 andthe control information tag block 1500 has been explained in FIG. 10 andFIG. 15. Therefore, the explanation is omitted.

Note that, time information can be included in the ECM-Kw1800, theECM-Kc1810 and the Kc distribution ECM 1900. Herein, each ECM isencrypted and distributed so that, in particular for the real timeviewing, the viewing control using secure time information set in theECM can be realized.

Hereafter, return again to FIG. 11, it is continued explaining about aconfiguration of the content distribution server 101 b.

The content multiplex unit 1108 i) multiplexes a transport streamincluding video, audio and data received from the content encoding unit1105 with a transport stream including one or a plurality of ECMsreceived from the ECM generation unit 1107 and ii) delivers themultiplexed transport stream to the content encryption unit 1109.Specifically, the content multiplex unit 1108 i) multiplexes a TSpacketed content received from the content coding unit 1105, the TSpacketed ECM-Kw1800, ECM-Kc1810 and Kc distribution ECM 1900 receivedfrom the ECM generation unit 1107 and ii) generates a transport streamfor to be delivered to the terminal apparatus 102.

The content encryption unit 1109 securely binds the protection ofcontent and time information to the content by encrypting the contentusing AES and the like. Specifically, the content encryption unit 1109encrypts (scrambles) the payload except an adaptation field in the TSpacket, using the scramble key Ks201 obtained from the ECM generationunit 1107 in a Cipher Block Chaining (CBC)+Output Feed Back (OFB) mode.Accordingly, it securely binds the time information to the content.

The content delivery unit 1110 delivers the TS packet 1400 encrypted inthe content encryption unit 1109 to the terminal apparatus 102.Specifically, the content delivery unit 1110 transmits the transportstream received from the content encryption unit 1109 as broadcast waveto the terminal apparatus 102 through the network 103.

In here, it shows an example of the case where the content stored in thecontent DB 1101 is read and encrypted for real time in the contentencoding unit 1105. However, PES (ES) or TS are generated offline inadvance so that the encoding processing at the content delivery in thecontent encoding unit 1105 may be omitted.

Also in here, whereas a non encrypted content stored in the content DB1101 is encrypted in the content encryption unit 1109 when the contentis distributed, the pre-encrypted MPEG-2 TS content can be stored.

Note that detailed configurations of the billing server 101 c and theweb server 101 d in the distribution center 101 are not the main purposeof the present invention. Therefore, those explanations are omitted inhere.

Next, a configuration of the terminal apparatus 102 in the contentreproduction control system 1 is explained.

FIG. 21 is a functional block diagram showing a detailed configurationof the terminal apparatus 102 shown in FIG. 1.

The terminal apparatus 102 is made of a terminal communication unit 2101which provides a communication interface with outside, a separation unit2102 which separates the received transport stream into content and dataother than the content, a content storage unit 2103 which storescontents, a license processing unit 2104 which processes and manages alicense, a license DB 2105 which stores the license, a content usecontrol unit 2106 which securely controls the use of content, a contentdecryption unit 2107 which decrypts the encrypted content, and a contentuse unit 2108 which uses the content, a viewing record recording unit2109 which records viewed part of the content as a viewing record, aviewing record DB 2110 which stores the viewing records, a terminalapplication 2111 which provides an interface mainly to a user, and atimer unit 2112 which securely clocks.

The terminal communication unit 2102 is a unit for communicating withthe distribution center 101 through the network 103.

The separation unit 2102 i) obtains the encrypted content multiplexed bythe MPEG-2 TS, ii) refers PSI information such as Program AssociationTable (PAT), Program Map Table (PMT) included in the transport stream,iii) obtains a PID of the TS packet 1400 in which the TS packet 1400 andthe PCR 1425 a including video, audio and data of a content, theECM-Kw1800, the ECM-Kc1810 and the Kc distribution ECM 1900 areinserted, and iv) separates the content from the ECM. Additionally, theseparation unit 2102, at the same time, refers to the PCR_PID listed inthe PMT (PID which includes PCR), obtains the TS packet 1400 of the PIDin which PCR 1425 a is inserted in the Adaptation_field 1420 of the TSpacket 1400, and supplies to the timer unit 2112 as a standard clock forthe content reproduction in the terminal apparatus 102. Also, when thecontent is temporally stored in the content storage unit 2103, theseparation unit 2102 selects necessary information from the PSIinformation such as PAT and PMT, generates the PSI information such asSelection Information Table (SIT) and Discontinuity Information Table(DIT), and generates a stream called a partial transport stream(hereafter referred to partial TS) from the received transport stream.

The content storage unit 2103 stores the generated partial TS.Specifically, the content storage unit 2103 is realized in the largecapacity HDD and the like and stores the partial TS generated from thetransport stream received at the separation unit 2102.

The license processing unit 2104, based on the license, securely judgeswhether or not use of the content is permitted. Specifically, thelicense processing unit 2104 judges, when the user requested the use ofcontent, whether or not the content can be used based on the mainlicense 900 obtained from the right management server 101 a or the usagerules included in the sublicense 1000 obtained together with thecontent. Then, so far as the usage rules permits the use of content, itgives an encryption key for decoding the encrypted content to thecontrol unit 2106.

For example, the license processing unit 2104 refers the validity period914 set in the license header 901 of the main license 900 and judgeswhether or not the content can be used. Referring to the secure presenttime provided by the timer unit 2112 held in. the terminal apparatus102, when the present time is within the validity period 914, thelicense processing unit 2104 judges that a reproduction of the contentis permitted.

Here, among the license processing unit 2104, the content use controlunit 2106 and the content decryption unit 2107, the content key Kc205 issecurely sent and received so that a SAC is established and the contentkey Kc205 is safely sent and received. However, when the licenseprocessing unit 2104, the content use control unit 2106 and the contentdecryption unit 2107 are located in a same anti-tamper region such as inthe same system LSI, the content key Kc205 can be safely sent andreceived. Therefore, the establishment of SAC is not the necessityprocess.

The license DB 2105 is a database for securely managing the license andstoring the main license 900 and the like obtained from the licenseprocessing unit 2104. Specifically, the license DB 2105 stores andmanages the main license 900 and the like obtained from the rightmanagement server 101 a shown in FIG. 9, and stores the hash value forthe main license 900 and the like in the license DB 2105, in order toprevent illegal operations such as an alternation, into a region where asoftware or a hardware is anti-tampered.

The content use control unit 2106 securely controls the use of contentusing the work key Kw203 and the usage rules from the license processingunit 2104. Specifically, the content use control unit 2106, during thereal time viewing, obtains the TS packet 1400 of the ECM-Kw1800 from thetransport stream received from the separation unit 2102 and restructuresthe ECM-Kw1800. The content use control unit 2106 then decrypts theECM-Kw1800 obtained as described above with the work key Kw203; obtainsthe scramble key Ks201 for descrambling the content; and supplies to thecontent decryption unit 2107. During the stored viewing, the content usecontrol unit 2106 decrypts the Kc distribution ECM 1900 with the workkey Kw203 from the transport stream read out from the content storageunit 2103 and obtains the sublicense 1000. Then, after judging the usagerules included in the sublicense 1000, the content use control unit2106, only when the content can be used, decrypts the ECM-Kc1810 withthe content key Kc205 included in the sublicense 1000 and obtains thescramble key Ks201.

Further, the content use control unit 2106 clocks used time of thecontent using the secure timer unit 2112 and controls the content useaccording to the usage rules.

The content decryption unit 2107 decrypts the encrypted content.Specifically, the content decryption unit 2107 i) obtains the contentmultiplexed by the encrypted MPEG-2 TS, ii) refers to the PSIinformation such as PAT and PMT included in the transport stream, andiii) obtains the PID of the TS packet in which the TS packet and the PCRincluding video, audio, data of the content are inserted. Then, itdecrypts a payload of the TS packet 1100 encrypted by referring totransport_scrambling_control (not shown in FIG. 14) included in the TSPHeader 1410 using the scramble key Ks201 obtained from the content usecontrol unit 2106.

The content use unit 2108 decodes the content and outputs to a monitorand the like not shown in FIG. 21. Specifically, the content use unit2108 obtains the PCR 1425 a in the transport stream and synchronizes,with a function of Phased Lock Loop (PLL) included in the content useunit 2108, the STC (timer unit 1103) of the content distribution server10 1 b and the STC included in the content use unit 2108 (not shown inthe diagrams). Then, it obtains data of the PES packet 1300 from the TSPPayload 1430 of the TS packet 1400, decodes ES such as video, audio anddata of the MPEG-2 and MPEG-4, and outputs to the monitor. Furthermore,it notifies a use termination notice to the content use control unit2106 when the use of content is terminated.

The viewing record recording unit 2109 corrects information about aviewed part of the content viewed in the content use unit 2108 asviewing records. Specifically, the viewing record recording unit 2109obtains PTS 1343 a at which the reproduction is started and ended in thecontent use unit 2108, receives the value of the PTS 1343 a as theviewing record and stores into the viewing record DB 2110 as Usage Log(hereafter referred to as UL). It is explained later in detail about adata structure of the UL using figures.

The viewing record DB 2110 is a database for storing UL obtained fromthe viewing record recording unit 2109.

Here, the data structure of the UL is explained.

FIG. 22 is a diagram showing an example of a structure of the datastructure of the UL.

A UL 2200 has a UL identifier 2201 which is an identifier that can beuniquely identified by each user, a UL size indicating a size of the UL2200 as a whole, a user ID 2203 for specifying a user who has generatedthe UL 2200, a terminal ID 2204 for specifying the terminal apparatus102 which has generated the UL 2200, a content ID 2205 for associatingthe content used by the user with the UL 2200, a license ID 2206 forassociating the license used by the user (the main license 900 and thesublicense 1000) with the UL 2200, an action type 2207 for specifying acontext (type.) about which the user has operated the content, a usestart time 2208 which is an absolute time when the user startedoperating the content, number of time information 2209 which indicates anumber of time information 2210 set in the UL 2200, and time information2210 which are values of time information (PTS 1343 a of the PES packet1300) at which the content use is started and terminated.

Here, the license ID 2206, for example, in the case where it is in acontrol reproduction control system which returns the main license 900from the terminal apparatus 102 to the right management server 101 a,can associate the main license 900 used by the user with the sublicenseby collecting the UL 2200 together with the main license 900. Therefore,the distribution center 101 can associate the viewing records with thelicense and manage them.

The action type 2207 is a type for specifying actions such as “play”,“copy”, and “print” for the content by the user. For the type, the valueof the action ID 1021 in the sublicense 1000 is set. Here, it is shownan example of “play” which indicates a reproduction of the content.

Furthermore, the time information 2210 is information for specifying apart of the content used by the user, including pairs of start timeinformation which is time information indicating the time when thecontent use is started, with end time information which is timeinformation indicating the time when the content use is terminated, asmany as the number of the pairs are defined in the number of timeinformation 2209. Here, it is shown that there are N numbers of the pairof “start time information, end time information”, the “start timeinformation 1, end time information 1” is “13970584, 13999999” and the“start time information N, end time information N” is “32141683,39705843970”.

Note that, there is no hash value and the like for detecting an unfairalternation of the UL 2200 in the UL 2200. However, it is allowed to addthe alternation detection when it is necessary.

Further, it may be transmitted to the distribution center 101 atarbitral timing or regularly when it is necessary.

The terminal application 2111 is a unit of obtaining the main license900 from the right management server 101 a and providing an interfacethat instructs start and end of the content use and the like.Specifically, the terminal application 2111 generates Expected LicenseInformation (hereafter referred to as ELI) as an obtainment request ofthe license in compliance with the user's contract, transmits to theright management server 101 a and obtains the license from the rightmanagement server 101 a.

FIG. 23 is a diagram showing an example of the ELI.

The ELI 2300 includes an ELI identifier 2301, a terminal ID 2302, ausage rule ID 2303, and a contract ID 2304. For the ELI identifier 2301,information indicating that the data is ELI 2300 is written. For theterminal ID 2302, a terminal ID of the terminal apparatus 102 which hasgenerated the ELI 2300, that is, the terminal 102 which requests thelicense is written. For the usage rule ID 2303, the usage rule ID 702for specifying the usage rule of the user managed in the usage rule DB303 of the right management server 101 a is written. For the usage ruleID 702, a usage rule ID which is notified as a response to a user whoinquiries available rights from the right management server 101 a isused. For the contract ID 2304, a contract ID corresponding to the mainlicense 900 is written. In addition to the above mentioned, a validityperiod of the license which expected by the user (the validity period915 written in the license header 901 of the main license 900, or thevalidity period 1015 written in the license header 1001 of thesublicense 1000) may be requested.

Note that, in general, units for processing data which requires securityin particular in the terminal apparatus 102, specifically, the licenseprocessing unit 2104, the license DB 2105, the content use control unit2106, the content decryption unit 2107, the content use unit 2108, theviewing record recording unit 2109, and the viewing record DB 2110 arerealized by a system LSI structured for anti-tampered hardware or aprogram structured for anti-tampered software in order to preventillegal uses by a malicious user and the like. Furthermore, it isassumed that an ID (terminal ID) for uniquely specifying the terminalapparatus 102 in the content reproduction control system 1 is alsostored in an anti-tampered area which is not shown in FIG. 21.

Now, with references to FIG. 24 to FIG. 32, a series of operations inthe terminal apparatus 102 configured as above described is explained,the operations, by the user, obtaining the content and the license fromthe distribution center, securely using the content, and securelycontrolling the content viewing using the reproduction controlinformation and the record of the viewed content.

Here, when the user obtains the main license 900 from the rightmanagement server 101 a, it is necessary to previously register for amembership of the service provider using the web server 101 d, purchasethe usage rules of the content, and the like. However, these processesare not the main purpose of the present invention. Therefore, theexplanation is omitted hereafter.

Firstly, an operation of obtaining the main license 900 from the rightmanagement server 101 a by a user in the terminal apparatus 102 isexplained with reference to a flowchart shown in FIG. 24.

FIG. 24 is a flowchart showing processes performed for obtaining themain license 900.

First, the user obtains a list of usage rules (licenses) for the usermanaged in the right management server 101 a through the user interfaceprovided by the terminal application 2111 and selects the license to thecontract wished to be obtained from the list of usage rules. Theterminal apparatus 102 then generates the ELI 2300 for requesting themain license 900 to the right management server 101 a and sends to theright management server 101 a (S2401).

In specific, the terminal application 2111 sends thee contract IDcorresponding to the contract of the user to the license processing unit2104. The license processing unit 2104 generates the ELI 2300 shown inFIG. 23 based on the received contract ID. Here, it is suggested thatthe usage rule ID 2303 to be set in the ELI 2300 has obtained the usagerule ID 2303 by, from the terminal application 2111 or the licenseprocessing unit 2104, -directly inquiring to the use management server101 a about the usage rule previously held by the user or by inquiringvia the web server 101 d. The ELI 2300 generated as above described issent to the right management server 101 a through the terminalcommunication unit 2102. Note that, the main license 900 may be obtainedonce during the validity period from the right management server 101 a.

The license issuing unit 311 of the right management server 101 areceives the ELI 2300 that the server communication unit 312 hasreceived from the terminal apparatus 102, refers to the user informationDB 302, and identifies the user by specifying the user (S2402).

Specifically, the user identification is performed in two steps. Ingeneral, it is usual that the communication is performed securely byestablishing a SAC for communicating data which requires security suchas license. Therefore, in the first step, a SAC is established by SSL orTLS between the right management server 101 a and the terminal apparatus102. Through this mutual identification, the right management server 101a can make sure that the terminal apparatus 102 has a correct terminalID 2302. In the second step, the license issuing unit 311 specifies auser who has the terminal apparatus 102 with the terminal ID 2302. Then,the license issuing unit 311 obtains the terminal ID 2302 included inthe ELI 2300, refers to the user ID 601 and the terminal ID 602 in theuser information management table 600 of the user information DB 302,and searches the terminal ID 602 in the user information managementtable 600 corresponding to the terminal ID 2302 included in the ELI2300. When the corresponding terminal ID 602 is found, a related user ID602 can be obtained. On the contrary, when the corresponding terminal ID602 is not found, it is the failure of the user identification.

The license issuing unit 311 verifies the result of user identificationin the step S2402 (S2403).

In the step S2403, in the case of NO, that is, when the useridentification is not correctly performed, it is judged that the licenseissuing is not permitted. Thus, the license issuing unit 311 sends alicense issuing unavailability notice to the terminal apparatus 102.

In the step S2403, in the case of YES, that is, when the useridentification is correctly performed, the step S2404 is executed forverifying the usage rule for issuing the main license 900.

The license issuing unit 311 executes a license issuing permissionjudgement processing (S2404).

FIG. 25 is a flowchart showing a subroutine of the license issuingpermission judgement processing in the step S2404.

First, the license issuing unit 311 verifies whether the usage rule ID2203 specified by the ELI 2300 is found in the usage rule managementtable 700 of the usage rule DB 303 (S2501). Specifically, the licenseissuing unit 311 refers the received ELI 2300 from the terminalapparatus 102 and obtains the usage rule ID 2203. Then, it verifieswhether the usage rule ID 2203 matches to the user ID 702 in the usagerule management table 700.

In the step S2501, in the case of YES, that is, when the usage rule ID2203 of the ELI 2300 and the matching usage rule ID 702 are found in theusage rule management table 900, it is verified about whether the userID 701 having the usage rule ID 702 matches to the user ID 601 in theuse information management table 600 of the user information DB 302which succeeded to verify in the step S2402 shown in FIG. 24.

When the user ID is matched (YES at S2501), the license issuing unit 311then judges whether or not the usage rule of the user satisfies thevalidity period (S2502). Specifically, while referring to the validityperiod 704 in the usage rule DB 303, the license issuing unit 311obtains present time from the secure timer unit (not shown in FIG. 3)and judges whether present time is included in the start time and dateto the end time and data shown by the validity period 704 For example,when the validity period 704 in the usage rule table 700 is“2002/12/20:12:12:12” and the present time is “2002/12/18 12:34:56”, itis judged that the usage rule of the user is in the validity period. Onthe other hand, when it is the 2002/12/31 19:00:00”, it is judged thatthe usage rule of the user is out of the validity period.

In step S2502, in the case of YES, that is, when the usage rule of theuser is in the validity period, the license issuing unit 311 judgeswhether the number of issuing permitted times is remained (S2503).Specifically, the license issuing unit 311 verifies wether the remainingnumber of issuing availability 705 in the usage rule management table700 is one or more.

In the step S2503, in the case of YES, for example, if the remainingnumber of issuing availabilities in the usage rule management table 700is “2”, the remaining number of issuing availability 705 is one or moreso that the license issuing unit 311 judges that the main license 900can be issued (S252) and returns to the main routine shown in FIG. 24.

On the contrary, in the step S2501 to step S2503, as a result ofapplying to any one of the following cases, in the case of NO, that is,in the step S2501, when the usage rule ID 2203 of the ELI 2300 and thematching usage rule ID 702 are not found in the usage rule managementtable 700; in the step S2502, when the usage rule of the user is out ofthe validity period; in step S2503, when the remaining number ofavailable issuing is 0, the license is suing unit 311 judges that themain license 900 is not permitted for issuing (S2505) and returns to themain routine shown in FIG. 24.

After the license issuing permission judgement processing, the licenseissuing unit 311 refers to the result of the license issuing permissionprocessing and judges whether or not the main license 900 is permittedfor issuing (S2405).

In step S2405, in the case of NO, that is, when it is judged. that thelicense issuing is not permitted, the license issuing unit 311 sends alicense transmission unavailability notice to the terminal apparatus102.

In step S2405, in the case of YES, that is, when it is judged that thelicense issuing is permitted, the license issuing unit 311 generates themain license 900 (S2406). Specifically, the license issuing unit 311refers to the usage rule management table 700 of the ELI 2300 and theusage rule DB303, obtains the work key Kw203 corresponding to thecontract ID 2204 (contract ID 401) from the work key management table400 of the key information DB 301, and generates the main license 900requested from the ELI 2300.

The license issuing unit 311 updates the usage rule management table 700of the usage rule DB 303 (S2407). Specifically, the license issuing unit311 performs processing of subtracting usage rules of the user as muchas the usage rules included in the issued main license 900. For example,in the usage rule management table 700, when the main license 900 forthe usage rule with the usage rule ID 702 of “URUs-ID-24024” and theuser ID 701 of “USER-ID-00003” is requested for issuing, since theremaining number of issuing availability 705 is “2”, the remainingnumber of issuing availability 705 in the usage rule management table700 is updated to “1”.

The license issuing unit 311 sends the main license 900 generated in thestep S2406 to the terminal apparatus 102 (S2408). Specifically, thelicense issuing unit 311 sends the main license 900 to the terminalapparatus 102 through the server communication unit 312.

The license processing unit 2104 of the terminal apparatus 102 receivesthe main license 900 received from the right management server 101 a andregisters the main license 900 to the license DB 2105 (S2409).Specifically, the license processing unit 2104, through the terminalcommunication unit 2101, obtains the main license 900 as a response tothe ELI 2300 generated in the step S2401, writes the main license 900 tothe license DB 2105, updates the hash value of the license DB 2105 andterminates the main processing.

Note that, in Step S2403 or in Step S2405, when the license issuingunavailability notice is sent since the main license 900 is notpermitted for issuing, the license processing unit 2104 of the terminalapparatus 102 receives the license issuing unavailability notice(S2410). Specifically, the license processing unit 2104 of the terminalapparatus 102 receives the license issuing unavailability notice fromthe right management server 101 a, through the user interface of theterminal application 2111, notifies the reception to the user andterminates the main processing.

Next, it is explained about a generation processing of the sublicense1000 and a transmission processing of the-work key Kw203, the contentkey Kc205, and the sublicense 1000 to the content distribution server101 b.

FIG. 26 is a flowchart showing a processing of generating the sublicense1000 and a processing of sending the work key Kw203, the content keyKc205, and the sublicense 1000 in the right management server 101 a.

When the right management server 101 a receives, at a request receivingunit not shown in FIG. 3 though the LAN 101 n, a request of the work keyKw203, the content key Kc205 and the sublicense 1000 from the contentdistribution server 101 b, the license issuing unit 311, from thecontent information DB 304 of the database unit 300, obtains informationrelating to the corresponding content (S2601). Specifically, the licenseissuing unit 311, based on the content ID included in the request fromthe content distribution server 10 b, obtains the license ID 802, thevalidity period 803, the number of use availability 804 as usage rulesrequired for generating the sublicense 1000 from the content informationmanagement table 800 of the content information DB 304.

The license issuing unit 311, from the key information DB 301 of thedatabase unit 300, obtains the work key Kw203 according to the contractand the content key Kc205 for the content (S2602). Specifically, thelicense issuing unit 311, based on the contract ID and the content IDincluded in the request from the content distribution server 101 b,obtains the work key Kw203 corresponding to the contract ID 401 and thecontent ID 501 and the content key Kc205 from the work key managementtable 400 of the key information DB 301 and the content key managementtable 500. Note that, whereas it is not shown in FIG. 26 when thecontract ID 401 and the content ID 501 corresponding to the request fromthe content distribution server 101 b are not found in the work keymanagement table 400 and the content key management table 500, as anerror, it is notified to the content distribution server 101 b.

The license issuing unit 311 generates the sublicense 1000 (S2603).Specifically, the license issuing unit 311 generates the sublicenseshown in FIG. 10 using the usage rules of the content obtained from thecontent information management table 800 of the content information DB304 and the content key Kc205 for the content obtained from the contentkey management table 500 of the key information DB 301.

The license issuing unit 311 sends the generated sublicense 1000, thework key Kw203, and the content key Kc265 to the content distributionserver 101 b (S2604). Specifically, the license issuing unit 311 sendsthe sublicense 1000 generated in the step S2603, the work key Kw203obtained from the work key management table 400 of the key informationDB 301, and the content key Kc205 obtained from the content keymanagement table 500 of the key information DB 301 to the contentdistribution server 101 b through the LAN 101 n.

Next, it is explained about the ECM generation processing and thecontent transmission processing.

FIG. 27 is a flowchart showing the ECM generation processing and thecontent sending proceeding of the content distribution server 101 b.

In the content distribution server 101 b, the reproduction controlinformation generation unit 1106 obtains the present PTS 1343 a from thecontent encoding unit 1105 according to the content delivery instructionand calculates a value of the PTS 1343 a in the beginning of the content(S2701). Specifically, the reproduction control information generationunit 1106 receives the content transmission instruction from the uppersystem not shown in FIG. 11 such as the program operation managementsystem and obtains the value of the PTS 1343 a at this time, that is,the value of the STC set by the time information attachment unit 1104.Thus, using the obtained value of the PTS 1343 a (time t0 in FIG. 16),by the method explained shown in FIG. 16, the value of the PTS1343 a inthe beginning of the content (time t2 in FIG. 16) is calculated andstored inside.

The reproduction control information generation unit 1106 generates thereproduction control information based on the information of the contentattribute information DB 1102 and transmits to the ECM generation unit1107 (S2702). Specifically, the reproduction control informationgeneration unit 1106 i) refers the content attribute informationmanagement table 1200 of the content attribute DB 1102, ii) obtains thepreview permitted section 1203 and the CM section 1204 of the content ID1201, and iii) generates the reproduction control information forcontrolling preview and the reproduction control information forcontrolling CM skip when it is necessary. Herein, using the value of thePTS 1343 a calculated in the step S2701 in the beginning of the content,the description of the time information in the content attributeinformation management table 1200 is changed to the description usingthe PTS 1343 a.

The content delivery unit 1010 judges whether the content delivery iscompleted or not (S2703). Specifically, the content delivery unit 1110judges whether or not all of the contents are delivered as TS packet1400 to the terminal apparatus 102.

In the Step S2703, in the case of NO, that is, when the content deliveryis not completed, the step S2704 is executed.

The ECM generation unit 1107 generates and encrypts the ECM usingreproduction control information received from the reproduction controlinformation generation unit 1106, the sublicense 1000 received from theright management server 101 a, the work key Kw203, and the content keyKc205, and transmits the generated ECM to the content multiplex unit1108 (S2704). Specifically, the ECM generation unit 1107 i) obtainsinformation required for generating the ECM such as the provider ID 1801and the content related information 1806 shown in FIG. 18 from thedatabase (not shown in FIG. 11) and the like, ii) generates theECM-Kw1800 and the ECM-Kc1810 in plaintext, iii) encrypts with thecorresponding work key Kw203 and the content key Kc 205 received fromthe right management server 101 a, and iv) generates the encryptedECM-Kw1800 and the ECM-Kc1810. Furthermore, the ECM generation unit 1107sets the reproduction control information (control information 1503)obtained from the reproduction control information generation unit 1106to the sublicense 1006 received from the right management server 101 aand generates the Kc distribution ECM 1900 using the provider ID 1901 inplaintext and the like. The Kc distribution ECM 1900 in plaintext isencrypted with the work key Kw203 and the encrypted Kc distribution ECM1900 is generated. The generated ECM-Kw1800, the ECM-Kc1810 and the Kcdistribution ECM 1900 are TS packetted and sent to the content multiplexunit 1108.

Furthermore, the ECM generation unit 1107 sends the scramble key Ks201which generated inside the ECM generation unit 1107 and updated everyfew seconds sequential to the content encryption unit 1109 together withthe PID of the TS packet 1460 to be encrypted.

The content encoding unit 1105 reads out the content of the content IDfrom the content DB 1101 (S2705). Specifically, the content encodingunit 1105 searches the content DB 1101 receiving the content ID from theupper system (not shown in FIG. 11) and reads out the contentssequentially.

The content encoding unit 1105 encodes the content readout from thecontent DB 1101, generates the PES packet 1300 and the TS packet 1400sequentially, and attaches time information (S2706). Specifically, thecontent encoding unit 1105 sequentially encodes to MPEG, video and audioof the content read from the content DB 1101 in the step S2705, andusing the STC obtained from the time information attachment unit 1104,attaches the PTS1343 a and DTS1343 b for realizing to synchronize thevideo ES and the audio ES. Further, whereas the content coding unit 1105TS packets the PES packet 1300, using the STC obtained from the timeinformation attachment unit 1104, attaches the PCR 1425 a forsynchronizing base clock inside the terminal apparatus 102 with the baseclock (timer unit 1103) of the content distribution server 101 b.

The content multiplex unit 1108 multiplexes the content, the ECM and thelike and transmits to the content encryption unit 1109 (S2707).Specifically, the content multiplex unit 1108 generates a transportstream in which the information relating to the content is multiplexed,by multiplexing the TS packet 1400 of the content obtained from thecontent encoding unit 1105 with the TS packet 1400 of the ECM-Kw1800,the ECM-Kc1810 and Kc distribution ECM 1900 obtained from the ECMgeneration unit 1107. Herein the content multiplex unit 1108 alsogenerates other TS packets 1400 such as PSI (PAT, PMT etc) and other TSpackets 1400 such as null packet and multiplexes together with the TSpackets 1400 of the content and the ECM. Further, the PCR 1425 a isamended when it is necessary. The transport stream generated asdescribed above is sent to the content encryption unit 1109.

After scrambling the transport stream in the content encryption unit1109, the transport stream is sent from the content delivery unit 1110(S2708). Specifically, the content encryption unit 1109 scrambles thetransport stream received from the content multiplex unit 1108 using thePID such as video and audio received from the ECM generation unit 1107and with the scramble key Ks201 which sequentially obtains the payloadof the TS packet 1400 (TSP Payload 1430) from the ECM generation unit1107.

Furthermore, the content delivery unit 1110 sends the encrypted TSpacket 1400 received from the content encryption unit 1109 sequentiallyto the terminal apparatus 102. After that, it executes step S2703.

In step S2703, in the case of YES, that is, when the delivery of allcontents are completed, the content delivery unit 1110 notifies aboutthat to the content encoding unit 1105, the reproduction controlinformation generation unit 1106, the upper system or the like andterminates the main processing.

Next, an operation of storing and viewing the content in the terminalapparatus 102 is explained.

FIG. 28 is a flowchart showing operational processes that the userviews, in the terminal apparatus 102, the content stored in the contentstorage unit 2103.

First, the user selects content wished to be used from the content listthrough the terminal application 2111. Then, the license IDcorresponding to the content notified to the content use control unit2106 is sent to the license processing unit 2104 (S2801). Specifically,the content use control unit 2106 receives a Unified Resource Identifier(URI) indicating a location of the content ID and the content selectedby the user from the terminal application 2111 and obtains the licenseID for the content ID using meta data relating to the content includedin the terminal apparatus 102. Herein, when the content ID is thesubscription content and associated with any contract ID, the license IDcorresponding to the contract ID is obtained. Accordingly, the contentuse is requested by sending the obtained license ID to the licenseprocessing unit 2104.

The license processing unit 2104 obtains a license corresponding to thelicense ID from the license DB 2105 (S2802). Specifically, the licenseprocessing unit 2104 receives the license ID from the content usecontrol unit 2106 and searches the license DB 2105.

The license processing unit 2104 obtains the license searched in thestep S2802 and judges whether or not the license can be used (S2803).Specifically, the license processing unit 2104 firstly verifies whetherthe license having the license ID specified from the content use controlunit 2106 is found in the license DB 2105. When the license is found,the license processing unit 2104 refers to the validity period of thelicense and the like and verifies the validity of the license. Here, thevalidity of the validity period is verified using time informationobtained from the secure timer unit 2112 inside the terminal apparatus102. When the license corresponding to the license ID specified by thecontent use control unit 2106 is not found in the license DB 2106, thestep S2807 is executed.

In step S2803, in the case of YES, that is, when it is judged that thelicense can be used, the step S2804 is executed.

In step S2803, in the case of NO, that is, when it is judged that thelicense cannot be used, the step S2807 is executed.

The license processing unit 2104 obtains the main license 900 andobtains the work key Kw203 (S2804). Specifically, the license processingunit 2104 obtains the work key Kw203 set in the encryption key tag block903 in the main license 900 and stores the obtained work key Kw203inside.

The license processing unit 2104 obtains the sublicense 1000 included inthe Kc distribution ECM 1900, obtains the content key Kc205 and thereproduction control information, and sends to the content use controlunit 2106 (S2805). Specifically, the license processing unit 2104obtains the Kc distribution ECM 1900 separated in the separation unit2102 and decrypts the encrypted Kc distribution ECM 1900 with the workkey Kw203 obtained from the main license 900. When it obtains thesublicense 1000 included in the Kc distribution ECM 1900, it thenobtains the content key Kc205 included in the encryption key tag block1003 of the sublicense 1000 after verifying the validity of thesublicense 1000 by a similar method for the validity judgement for themain license 900 shown in step S2803. Also, it obtains the reproductioncontrol information (control information 1503) included in the controlinformation tag block 1500. The license processing unit 2104 sends thecontent key Kc205 and the reproduction control information obtained asdescribed above to the content use control unit 2106 by establishing aSAC when it is necessary. Here, the content key Kc205 obtains thescramble key Ks201 for the content so that it is sent to the contentdecryption unit 2107.

The content decryption unit 2107 and the content use unit 2108 securelyuse the content based on the content key Kc205 and the reproductioncontrol information obtained by the content use control unit 2106(S2806).

Note that, in the step S2803, when the usable license is not found, thecontent use control unit 2106 receives a use unavailability notice fromthe license processing unit 2104 (S2807). The content use control unit2106 notifies about the reception to the user through the user-interface unit provided by the terminal application 2111.

Here, a content use processing in step S2806 is explained using FIG. 29.

FIG. 29 is a flowchart showing a subroutine of the content useprocessing (S2806).

The content use control unit 2106 instructs the terminal communicationunit 2101 to receive content and receives the content from the contentdistribution server 101 b (S2901). In specific, the content use controlunit 2106 receives the content sent. from the content distributionserver 101 b based on the URI (corresponding to a channel for thedigital broadcasting) of the content received from the terminalapplication 2111.

The content use control unit 2106 judges whether or not the contentreproduction is completed (S2902). In specific, the content use controlunit 2106 judges whether the reproduction of the content is completedwhen the content reproduction end instruction is sent from the terminalapplication 2111, when the content reception is completed or not fromthe content distribution server 101 b or by detecting a break of thecontent using PSI/SI and the like.

In step S2902, in the case of YES, that is, when a notice of the contentreproduction end is received from the user through the terminalapplication 2111 or when the content reception is completed, the contentuse control unit 2106 notifies about that to the user through theterminal application 2111, returns to the main routine and terminatesthe main processing.

In step S2902, in the case of NO, that is, when the reproduction of thecontent is not completed, the content use control unit 2106 executesstep S2904.

The content decryption unit 2107 obtains a TS packet 1400 of theECM-Kc1810 and obtains the scramble key Ks201 (S2903). In specific, thecontent decryption unit 2107 reconstructs the ECM-Kc1810 from the TSpacket 1400 of the ECM-Kc1810 received from the separation unit 2102,using the content key Kc205, decrypts the encrypted ECM-Kc1810, obtainsthe scramble key Ks201 and stores it into the internal register and thelike.

The content decryption unit 2107 obtains the TS packet 1400 of thecontent, descrambles the TS packet 1400 using the scramble key Ks201stored in the internal register, and decrypts the reconstructed content(S2904). In specific, the content decryption unit 2107, with referenceto transport_scrambling_control included in the TSP Header 1410,descrambles, using the scramble key Ks201, the TS packet 1400 whosepayload (TSP Payload 1430) has been encrypted and sends sequentially thedescrambled TS packet 1400 to the content use unit 2108. The content useunit 2108 receives the decrypted TS packet 1400 from the contentdecryption unit 2107, obtains the decrypted PES packet 1300 from thepayload (TSP Payload 1430) of the TS packet 1400 and data such as videoES and audio ES of the content, decrypts each ES, and outputs to amonitor (not shown in FIG. 21) while synchronizing the video and theaudio. Herein, the content use unit 2108 obtains a PCR 1425 a of theAdaptation Field 1420 in the TS packet 1400, and performs a processingof keeping the STC included inside the content use unit 2108 as a stableclock using PLL (not shown in FIG. 15). Therefore, a normal contentreproduction is realized by decoding and displaying the video ES, theaudio ES and the like of the PES Packet Data Bytes 1360 when the PTS1343a and DTS 1343 b of the PES packet 1300 corresponds to each other.

The viewing record recording unit 2109 obtains the PTS 1343 a of thecontent displayed by the content use unit 2108 and records it to -theviewing record DB 2110 (S2905). In specific, the viewing recordrecording unit 2109 obtains a value of the PTS 1343 a (PTS 1343 aincluded in the displayed PES packet 1300) at the point where thecontent use control unit 2108 reproduces the content, and at leastrecords, into the viewing record DB 2110, values of the PTS 1343 a atwhich the content reproduction is started and ended as viewing records.Note that in order to reduce the data base processing loads on theviewing record DB 2110, for the recording of the PTS 1343 a, the valueof the displayed PTS 1343 a is, whenever necessary, recorded andupdated, and the viewing record DB 2110 may be updated at a relevanttiming. Also, by recording the PTS 1343 a together with date informationsecurely obtained from the timer unit 2112, “play” which is an actioninstructed by a user, a user ID and a terminal ID of which performed thereproduction, the UL 2200 shown in FIG. 22 is generated and stored intothe viewing record DB 2110.

Note that, an operation by the terminal apparatus 102 during the realtime viewing differs from the operation shown in FIG. 28 in that, instep 52805 explained in FIG. 28, the scramble key Ks201 is obtained byobtaining the work key Kw203 instead of the content key Kc205 anddecoding the ECM-Kw1800 using the work key Kw203. Other steps are sameas shown in FIG. 28 and FIG. 29. Therefore, the explanation is omittedin here.

Next, it is explained about an operation of time skipping of the contentduring the stored content is viewed shown in FIG. 28 and FIG. 29.

FIG. 30 is a flowchart showing processing operations in the case wherethe content is time skipped during the stored content is viewed.

When a user requests a time skip of the content on reproduction via theterminal application 2111, the content use control unit 2106 obtains alocation of a destination of the skip (S3001). Specifically, the contentuse control unit 2106 obtains time information (few seconds from wherethe content is reproduced now etc.) about the skip destination specifiedby the user.

The content use control unit 2106 obtains the PTS 1343 a of the presentreproduction place (hereafter referred to as PTS Src) and the PTS 1343 aof the skip destination (hereafter referred to as PTS_Dst) (S3002). Inspecific, the content use control unit 2106 obtains, from the contentuse unit 2108, the PTS 1343 a at which the content is now reproduced(PTS 1343 a attached to the frame recently displayed) and converts thetime information for the skip destination obtained in Step S3001 into avalue based on the PTS 1343 a. For example, when the time informationobtained in step S3001 is few seconds from where the content is nowreproduced, a value of the PTS_Dst which is the PTS1343 a for the skipdestination is obtained by adding a value which the time information isdivided by 90000 which is a clock of the PTS 1343 a to the PTS_Src.Here, as an example of a method for the content use control unit 2106 toobtain the value for the PTS_Src, a method of writing, whenevernecessary, the value of the PTS 1343 a at which the content is nowreproduced into the internal register of the content use unit 2108 whichhis accessible from outside is explained.

The content use control unit 2106 judges whether or not it is in aperiod of controlling the time skip (special reproduction) based on thereproduction control information obtained from the license processingunit 2104 (S3003). In specific, the content use control unit 2106 judgeswhether it is now the period when the special reproduction should becontrolled by comparing the time information obtained from the securetimer unit 2112 with the value of the control limit 1512 when thecontrol ID 1511 of the reproduction control information (controlinformation 1503) includes information indicating “special reproductionunavailable”.

In step S3003, in the case of YES, that is, when it is now in the periodof which the special reproduction should be controlled, the content usecontrol unit executes step S3004.

In step S3003, in the case of NO, that is, when it is not now in theperiod of which the special reproduction should be controlled, thecontent use control unit executes steps S3006.

The content use control unit 2106 judges whether or not it is a sectionwhere time skip (special reproduction) can be performed based on thereproduction control information obtained from the license processingunit 2104 (S3004). Specifically, the content use control unit 2106, whenthe control ID 1511 of the reproduction control information (controlinformation 1503) includes information indicating “special reproductionunavailable”, checks whether a section of time from the control starttime to the control end time which is a range of the PTS 1343 aspecified by the control range 1514 is included in the PTS_Src to thePTS_Dst or not for as many as the number of time information controltimes 1520. That is, it detects a case where a section indicated by aplace where the content is now reproduced and a place for the skipdestination is included at least a part or all of one CM skip prohibitedsection (from control start time to control end time of the controlinformation 1503).

In step S3004, in the case of YES, that is, when a CM skip prohibitedsection is included in the PTS_Src to PTS_Dst, the content use controlunit 2106 executes Step S3005.

In step S3004, in the case of NO, that is, when the CM skip prohibitedsection is not included in the PTS_Src to PTS_Dst, it executes StepS3006.

The content use control unit 2106 obtains the viewing record of thecontent and judges whether or not the number of time when viewered thepart where the CM skip prohibited section included in the PTS_Src toPTS_Dst in the past is the specified number of times or more (S3005).Specifically, the content use control unit 2106 retrieves the viewingrecord DB 2110 and refers the time information 2210 which is a viewingrecord of the UL 2200 corresponding to the content ID 2205 among UL 2200stored in the viewing record DB 2110. Since the value of PTS 1343 awhich the content is viewed in the past, the content use control unit2106 counts the number of times including the CM skip prohibited sectionincluded in the PTS_Src to PTS_Dst and compares it with the number ofcontrol times of controlling the control information 1503

In step 3005, when the number of times when viewed the CM skipprohibited section in the past included in the PTS_Src to PTS_Dst is1513 or more, the content use control unit 2106 executes step S3006.

In step S3005, when the number of times when viewed the CM skipprohibited section in the past included in the PTS_Src to PTS_Dst isless than the number of control times 1513, the content use control unit2106 executes step S3007.

The content use control unit 2106 executes the time skip (S3006). Inspecific, the content use control unit 2106 controls the contentdecryption unit 2107 and the content use unit 2108 in order to obtainthe TS packet 1400 for the specified skip destination from the contentstorage unit 2103. The operations after the processing is same as theoperations explained in FIG. 29.

The content use control unit 2106 prohibits a time skip operation(S3007). In specific, the content use control unit 2106 notifies a userabout that the time skip operation is unavailable (together with thereason if necessary) through the user interface of the terminalapplication 2111.

Whereas an example of time skipping is shown in here, it can prevent aspecial reproduction on a specified area such as CM of the content byperforming similar controls for the cases of other special reproductions(e.g. a fast-forward and rewind of the content).

FIG. 31 is a flowchart showing operations in the case where the contentis fast-forwarded while the stored content shown in FIG. 28 and FIG. 29is viewed.

In FIG. 31, when the user requests a fast-forward of the content onreproduction via the terminal application 2111, the content use controlunit 2106 receives an instruction for the fast-forward (S3101).Specifically, the content use control unit 2106 receives an action IDindicating a fast-forward from the terminal application 2111.

The content use control unit 2106 judges whether or not it is in theperiod of controlling the fast-forward (special reproduction) based onthe reproduction control information obtained from the licenseprocessing unit 2104 (S3102). Specifically, the content use control unit2106, when the reproduction control information (control information1503) includes information indicating that its control ID 1511 is“special reproduction unavailable”, judges whether it is now in theperiod when the special reproduction should be controlled by comparingthe time information obtained from the secure timer unit 2112 with thevalue of the control limit 1512.

In step S3102, in the case of YES, that is, when it is now in the periodof which the special reproduction should be controlled, the content usecontrol unit 2106 executes step S3103.

In step S3102, in the case of NO, that is, when it is not now the timeof which the special reproduction should be controlled, the content usecontrol unit 2106 executes step S3106.

The content use control unit 2106 obtains the PTS 1343 a of the presentpart where the content is reproduced (hereafter referred to as PTS Src)(S3103). In specific, the content use control unit 2106 obtains the PTS1343 a for the part where the content is now reproduced (PTS 1343 aattached to the frame displayed recently) from the content use unit2108.

The content use control unit 2106 judges whether or not it is a partwhere the fast-forward (special reproduction) can be performed based onthe reproduction control information obtained from the licenseprocessing unit 2104 (S3104). Specifically, the content use control unit2106, when the reproduction control information (control information1503) includes information indicating the control ID 1511 is “specialreproduction unavailable”, at the time from the control start time tothe control end time which is a range of the PTS 1343 a specified by thecontrol range 1514, checks whether the PTS_Src is included or not for asmany as the number of time information control times 1520. That is, itdetects a case where the part where the content is now reproduced isincluded in at least one of the CM skip prohibited section (the controlstart time to the control end time of the control information 1503).

In Step S3104, in the case of YES, that is, when PTS_Src is included inthe CM skip prohibited section, the content use control unit 2106executes step S3105.

In Step S3104, in the case of NO, that is, when PTS_Src is not includedin the CM skip prohibited section, it executes step S3106.

The content use control unit 2106 obtains the viewing record of thecontent and judges whether the number of viewing the CM skip prohibitedsection including the PTS_Src in the past is a specified number or more(S3105). Specifically, the content use control unit 2106 retrieves theviewing record DB 2110 and refers the time information 2210 which isviewing record of the UL 2200 matching the content ID 2205. Since thetime information 2210 indicates a value of the PTS 1343 a that thecontent is viewed in the past, the content use control unit 2106 countsthe number of records which the CM skip prohibited section including thePTS_Src is viewed and compares it with the number of control 1513 of thecontrol information 1503.

In step S3105, when the number of times when the CM skip prohibitedsection including the PTS_Src is viewed in the past is the number ofcontrol times 1513 or more, the content use control unit 2106 executesstep S3106.

In step S3105, when the number of times when the CM skip prohibitedincluding the PTS_Src is included is viewed in the past is less than thenumber of control times 1513, it executes step S3107.

The content use control unit 2106 executes a fast-forward (S3106).Specifically, the content use control unit 2106 controls the contentdecryption unit 2107 and the content use unit 2108 in order to obtainthe TS packet 1400 corresponding to a speed of the fast-forward from thecontent storage unit 2103. Generally, it is likely that an I picture ofMPEG is only displayed in the case of fast-forward . . . Therefore, thecontent use control unit 2106 selects the TS packet 1400 for only the Ipicture while referring to information in the TSP Header 1410 in the TSpacket 1400 and information in the Adaptation Field 1420. After theskipping, it takes same operations as explained in FIG. 29. In order tojudge whether a reproduction part which changes along with thefast-forward is the CM skip prohibited section or not whenevernecessary, it repeatedly executes processes of step S3102 to step S3106.Note that, when repeatedly executing the processes of steps S3102 tostep S3106, if necessary, the process of step S3105 can be omitted. Inthis case, the process in step S3105 is processed as NO and the contentuse control unit 2106 executes step S3107.

The content use control unit 2106 prohibits an operation of fast-forward(S3107). Specifically, it notifies a user through the user interface ofthe terminal application 2111 of that the fast forward operation is notpermitted (together with the reasons if necessary).

Thus, it can control the special reproduction, of a specific section ofthe content, during the limited time and for the limited number oftimes. Whereas it explains a case of fast-forward in here, the CM rewindcan be similarly controlled.

Further, whereas the control method described in the embodiment of thepresent invention is not limited for the case of the specialreproduction, it can be used for the purpose of controlling the viewingof the special section of the content. As an example for this case, anoperation of controlling to view a preview section of the PPV contentwith reference to FIG. 32.

FIG. 32 is, similar to FIG. 30 and FIG. 31, a flowchart showingoperations of previewing the content while content is being viewed.

When a user requests to reproduce a preview of the content via theterminal application 2111, the content use control unit 2106 receives apreview instruction (S3201). Specifically, the content use control unit2106 receives an action ID showing a preview from the terminalapplication 2111.

The content use control unit 2106 judges whether it is now within aperiod of controlling the preview based on the reproduction controlinformation obtained from the license processing unit 2104 (S3202).Specifically, the content use control unit 2106, when the reproductioncontrol information (control information 1503) includes information thatthe control ID 1511 is “preview permitted”, judges whether it is now ina period when the preview can be executed by comparing date informationobtained from the secure timer unit 2112 with the value of the controllimit 1512.

In step S3202, in the case of YES, that is, when it is now in a periodof which the preview can be executed, the content use control unit 2106executes step S3203.

In step S3202, in the case of NO, that is, when it is not now in theperiod of which the preview can be executed, it executes step S3207.

The content use control unit 2106 obtains the PTS 1343 a for a sectionwhere the content is now being reproduced (hereafter referred to asPTS_Src) (S3203). Specifically, the content use control unit 2106obtains the PTS 1343 a for a section where the content is now beingreproduced from the content use unit 2108 (PTS 1343 a attached to theframe displayed recently).

The content use control unit 2106 judges whether or not it is a sectionwhere the preview is allowed based on the reproduction controlinformation obtained from the license processing unit 2104 (S3204).Specifically, the content use control unit 2106, when the reproductioncontrol information (control information 1503) includes informationindicating the control ID 1511 is “preview permitted”, checks whether ornot the PTS_Src is included, for as many as the number of timeinformation control times 1520, in a time range of the control starttime to the control end time which is a range of the PTS 1343 aspecified by the control range 1514. That is, it detects a case wherethe section where is now being reproduced is included at least onepreview permitted section (from the control start time to the controlend time of the control information 1503).

In step S3204, in the case of YES, that is, when the PTS_Src is includedin the preview permitted section, the content use control unit 2106executes step S3205.

In step S3204, in the case of NO, that is, when the PTS_Src is notincluded in the preview permitted section, the content use control unit2106 executes step S3207.

The content use control unit 2106 obtains the record of viewing thecontent and judges whether the number of viewing the preview permittedsection including the PTS_Src in the past is the specified number andmore (S3205). Specifically, the content use control unit 2106 retrievesthe viewing record DB 2110 and refers time information 2210 which isviewing record of the UL 2200 corresponding to the content ID 2205 amongthe UL 2206 stored in the viewing record DB 2110. Since the timeinformation 2210 indicates the value of the PTS 1343 a that the contentis viewed in the past, the content use control unit 2106 counts thenumber of records which the preview permitted section including the.PTS_Src is included is viewed and compares it with the number of control1513 of the control information 1503.

In step S3205, when the number of times when the preview permittedsection including the PTS_Src is viewed in the past is the number oftimes 1513 and more, the content use control unit 2106 executes stepS3207.

In step S3205, when the number of times when the preview permittedsection including the PTS_Src is viewed in the past is less than thenumber of control times 1513, it executes step S3206.

The content use control unit 2106 executes previewing (S3206).Specifically, the content use control unit 2106 permits a preview of thecontent, and decrypts and decodes the content. Further, since thereproduction section is changed along with the preview, processes ofstep S3202 to step S3206 are repeatedly executed in order to judge,whenever necessary, whether or not the section where the content is nowbeing reproduced is preview permitted or not. Note that, when repeatedlyexecuting the processes of step S3202 to step S3206, if necessary, aprocess of step S3205 can be omitted. In this case, the process of thestep S3205 is all processed as YES and the step S3206 is executed.

The content use control unit 2106 prohibits previewing (S3207).Specifically, the content use control unit 2106 notifies a user of thatthe preview is not permitted (with its reason if necessary) through auser interface of the terminal application 2111.

Thus, as for previewing the PPV content, the content use control unit2106 can control the preview in a limited time period and the limitednumber of times.

Although only an exemplary embodiment of this invention has beendescribed in detail above, those skilled in the art will readilyappreciate that many modifications are possible in the exemplaryembodiment without materially departing from the novel teachings andadvantages of this invention. Accordingly, all such modifications areintended to be included within the scope of this invention.

As above described, in the content reproduction control system 1, thedistribution center 101, using previously existed secure timeinformation which attached to the content, distributes, to the terminalapparatus, the reproduction control information for controlling the useof a specific part of the content as another data from the content. Theterminal apparatus securely controls the use of content using securetime information previously existed in the content and reproductioncontrol information obtained from the distribution center 101.Therefore, the provider can use a pre-existed encoder so that the costrelating to the transmission equipment can be reduced and the providercan securely control the use of specific part of the content by a user.

Note that, in the embodiment according to the present invention, anexample in the case where the PTS 1443 a of the PES packet is used astime information attached to the content is shown. However, the presentinvention is not limited to the case and information previously existedin the content and can be specified its part of the content can be used,the information being such as the DTS 1443 b of PES packet, the PCR 1425a of TS packet 1400, Sync Layer (SL) of MPEG-4 Systems, Time Code ofGroup of Picture of MEPG-2 ES. In this case, when the time informationwhich is not encrypted such as the PCR 1425 a of the TS packet 1400 isused, a process for securely distributing the content with the timeinformation is needed in order to prevent the alternation of the timeinformation, the process of associating a value of time information withthe encryption key of the content, attaching a hash value to the dataincluding the value of the time information and the like.

In addition, an example of the content multiplexed by the MPEG-2 PES/TSis shown in the embodiment according to the present invention. However,it is needless to say that contents other than MPEG-2 Program Stream(PS) or MPEG are applicable unless the content is pre-existedinformation and information which can specify its part of the content(for example, it is not limited to the time information if it is atleast an ID, a counter value or the like unique to each packet in thecontent).

Also, in the present embodiment according to the present invention, anexample of distributing the content based on the server typebroadcasting method type I described in ARIB STD-B25 version 4.1 isshown. However, it is needless to say that the present invention isapplicable to the case of the server type broadcasting method type IIwhich is a distribution method for file-type contents, a streamingdistribution on the Internet, a download distribution and the like. Inthis case, the content is generally encrypted with a single encryptionkey Kc′ so that an encryption key Kc′ is set to a license (equivalent tothe main license 900 in the embodiment of the present invention) anddistributes the license from the right management server 101 a to theterminal apparatus 102 via communication such as Internet. Similarly,the reproduction control information is included in the license.Accordingly, the content is not scrambled by a contingency key, evenwhen it is encrypted with a single encryption key (that is, when it hasa single license structure rather than a license structure of the mainlicense 900 and the sublicense 100), the use of specified part of thecontent can be securely controlled in the terminal apparatus 102.

Further, in the present embodiment according to the present invention,in the UL 2200 which is a viewing record, various information startingfrom the user ID 2103 and the terminal ID 2104 are recorded. However, inorder to use for the content use control based on the viewing record,the content and the viewing section of the content shall be specified.Therefore, a pair of the content ID 2105 or the license ID 2106, or thecontent ID 2105 and the license ID 2106 (depending on a way of assigningID in the content reproduction control system 1), and a pair of one ormore start time information and end time information shall be recorded.

Further, in the embodiment according to the present invention, anexample of the case where the viewing record recorded in the terminalapparatus 102 is managed in the viewing record DB 2110 is shown.However, it may be managed in the license DB 2105 together with thelicense to be managed (main license 900).

Additionally, in the embodiment according to the present invention, asan example of controlling use of the specific section of the content, anexample of performing CM skip is shown. However, not limiting to theexample, for example, it is applicable to a control for using only thespecific section of the content such as digest viewing.

Also, in the embodiment according to the present invention, asinformation of reproduction control sections in the reproduction controlinformation (control information 1545), a value of the PTS 1343 aattached to the content itself is used and specified. However, thecontrol information 1545 may be structured using a value of the PTS 1343a in the beginning of the content and a relative value from thebeginning of the content based on the PTS 1343 a. Additionally, whereasin the control information 1545, the reproduction control section isdescribed in a range specified by the control start time and the controlend time, it may be described as control start time and control time(time range).

Furthermore, in the embodiment according to the present invention, asinformation for the reproduction control section in the reproductioncontrol information (control information 1545), a special reproductionprohibited section (section where only allows normal reproduction) isdescribed. However, the special reproduction permission section may bedescribed in the control information 1545.

Further, in the embodiment according to the present invention, it isshown an example of the case where the reproduction control informationis set to the license (sublicense 1000) and the ECM and is distributedfrom the distribution center 101 to the terminal apparatus 102. Notbeing limited to the case, the reproduction control information may bedistributed using a secure channel such as SSL through communication orby EMM through broadcasting. Therefore, the present method is a methodintegrally applicable to contents despite the multiplex of relatedinformation such as ECM. Note that, in such case when the terminalapparatus 102 has not obtained reproduction control information (controlinformation 1545) at the time when the content is used, for viewing thecontent, it may be controlled to allow only the normal reproduction ornot to permit a preview and allow the special reproduction, preview orthe like after the reproduction control information is obtained.

In the case where the control information 1545 is structured using avalue of the PTS 1343 a in the beginning of the content and the relativevalue from the beginning of the content based on the PTS 1343 a, areproduction control section is specified by the relative value from thebeginning of the content based on the PTS 1343 a when the contentdistribution server 101 b may delivers the streaming contents anddistributes the PTS 1343 a from the content distribution server 101 b tothe terminal apparatus 102 after the PTS 1343 a in the beginning of thecontent is specified. Herein, while the terminal apparatus 102 has notobtained the PTS 1343 a in the beginning of the content, it iscontrolled to allow only the normal reproduction or not to permit thepreview.

In the embodiment according to the present invention, a license(sublicense 1000) is set to the Kc distribution ECM 1900 and transmittedfrom the distribution center 101 to the terminal apparatus 102. However,the present invention is not limited to the above example, the licensemay be distributed by the ECM-Kw1800, the ECM-Kc1810, or the EMM(including the Kc distribution specific EMM in the server typebroadcasting method type I). Also, in a distribution by broadcasting,using the ECM-Kw1800 or the ECM-Kc1810 (if necessary, EMM fordistributing the work key Kw203 may be used), a license including thecontent key Kc205 and reproduction control information may bedistributed via communication.

Further in the embodiment according to the present invention, as anexample of control information for controlling the use of specificsection of the content, an example of distributing information forreproduction control (reproduction control information) is explained.However, the present invention is applicable for use controls in theterminal apparatus 102 such as printing and editing other thanreproducing.

Also, whereas, in the embodiment according to the present invention, thereproduction control information is generated in the contentdistribution server 101 b, it may be generated in the right managementserver 101 a. In this case, it is needless to say that information ofthe PTS 1343 a attached to the content needs to be notified from thecontent distribution server 101 b to the right management server 101 a.Furthermore, in the content distribution server 101 b, the reproductioncontrol information is set to the sublicense 1000. However, it may beset in the right management server 101 a.

In the embodiment according to the present invention, an example ofrecording viewing records for all used contents in the terminalapparatus 102 is explained. However, whether recording the viewingrecords by each content, license, or user may be controlled by includinginformation instructing a recording of the viewing records into the mainlicense 900 or the sublicense 1000.

Further, in the embodiment according to the present invention, it isexplained as an example that the reproduction control informationgeneration unit 1106 in the content distribution server 101 b obtains avalue of the PTS 1343 a from the content encoding unit 1105 forgenerating reproduction control information. However, the value of STCused by the content coding unit 1105 may be obtained directly from thetime information attachment unit 1104. Note that, in this case, thevalue of STC used by the content encoding unit 1105 and the value of STCused by the reproduction control information generation unit 1106 needto be equal.

Also, in the embodiment according to the present invention, it isexplained as an example that, when the reproduction control informationgeneration unit 1106 in the content distribution server 101 b streamscontent (real time encode), the value of PTS 1343 a in the beginning ofthe content is calculated in order to generate the reproduction controlinformation. However, when it downloads content (pre-encode), the valueof PTS 1343 a in the beginning of the content and values of CM section,preview permitted section and the like can be previously specified sothat, based on the value of PTS 1343 a actually attached to the content,the reproduction control information can be generated.

In the present embodiment according to the present invention, as acontrol ID 1511 of the reproduction control information (controlinformation 1503), an example of using IDs called “special reproductionunavailable” and “preview permitted” is explained. However, the presentinvention is not limited to the example unless it is an identifier fordefining a user's operation and a processing of content in the terminalapparatus 102.

Furthermore, in the embodiment according to the present invention, it isexplained as an example that limitations such as the number of timesviewed in the past based on the viewing records and the control timelimit by an absolute time are added to the control ID 1511.Additionally, limitations such as viewing time in the past may be added.

In the embodiment of the present invention, it is explained as anexample that a reproduction of a specific section of the content iscontrolled using the viewing records stored in the viewing record DB2110. However, based on the viewing records, the reproduction controlinformation (control information 1545) may be changed. For example, whena special reproduction prohibited section is viewed for predeterminednumber of times or more, information about the special reproductionprohibited section is deleted from the control information 1545.Accordingly, the reproduction control based on the viewing records canbe performed even after the viewing records are sent to the distributioncenter 101 and the like.

Also, in the embodiment of the present invention, it is explained as anexample that the reproduction control information is set to the Kcdistribution ECM 1900. However, it may be set to the ECM-Kw1800 or theECM-Kc1810. At this time, if different control information is setrespectively to the ECM-Kw1800 and the Kc distribution ECM 1900,different reproduction control ranges can be realized for the real timeviewing and the stored viewing. For example, in the case of the preview,it is inevitable to be an undifferentiated preview section with a stabletime from the beginning during the real time viewing. However, it canset a preview range reflecting characteristics of the content such asdigest viewing during the stored viewing. Thus, it can provide a servicefully reflecting the storage function of the terminal apparatus 102.

Furthermore, in the embodiment according to the present invention, it isexplained as an example that a content, a license, control informationand the like are obtained from a single distribution channel. However,they can be obtained from a combined distribution channel such as acombined use of the digital broadcasting and the Internet.

INDUSTRIAL APPLICABILITY

The content reproduction control system according to the presentinvention has an effect of preventing the use of content with a low costby a user who is contrary to an intension of a provider by realizing tosecurely control the use control of a specific part of the content suchas a CM section of the content in the terminal apparatus using securetime information existed previously in the content without addingcontrol information to the content. The content reproduction controlsystem is useful as a content reproduction control system and the likefor the content distribution service through the digital broadcasting,CATV, the Internet and the like. Also, it is applicable to the contentreproduction control system for the content distribution service by aportable media such as a package media.

1. A content reproduction control system comprising a server apparatusand a terminal apparatus that are connected to each other via acommunication path, wherein the server apparatus includes: a controlinformation generation unit operable to generate, based on timeinformation attached to a content, control information which specifies arange for permitting and prohibiting a user's predetermined operation onthe content performed in the terminal apparatus; and a distribution unitoperable to distribute the control information to the terminalapparatus, and the terminal apparatus includes: a content use unitoperable to use the content; a receiving unit operable to receive thecontrol information; and a content use control unit operable to controla reproduction of the content based on the received control information,the reproduction being included in the use of the content performed bythe content use unit.
 2. The content reproduction control systemaccording to claim 1, wherein the control information indicates asection where a special reproduction of the content is prohibited. 3.The content reproduction control system according to claim 1, whereinthe control information indicates a section where only a normalreproduction of the content is permitted.
 4. The content reproductioncontrol system according to claim 1, wherein the control informationindicates a section where a preview of the content is permitted.
 5. Thecontent reproduction control system according to claim 1, wherein thetime information is a value of the time information attached to thecontent.
 6. The content reproduction control system according to claim5, wherein the time information is composed, based on at least one of aProgram Clock Reference of a Transport Stream, a Presentation Time Stampof a Packetized Elementary Stream, and a Decoding Time Stamp of thePacketized Elementary Stream.
 7. The content reproduction control systemaccording to claim 1, wherein the time information is composed of timeinformation about a beginning of the content and time information aboutan offset from the beginning of the content.
 8. The content reproductioncontrol system according to claim 7, wherein the time information iscomposed based on at least one of a Program Clock Reference of aTransport Stream, a Presentation Time Stamp of a Packetized ElementaryStream, and a Decoding Time Stamp of the Packetized Elementary Stream.9. The content reproduction control system according to claim whereinthe receiving unit receives the control information by broadcasting fromthe server apparatus.
 10. The content reproduction control systemaccording to claim 9, wherein the control information is issued for auser's contract and assigned to either a main license indicating alicense which allows use of a plurality of contents under the contractor a sublicense indicating a license issued for a single content. 11.The content reproduction control system according to claim 1, whereinthe receiving unit receives the control information throughcommunication with the server apparatus.
 12. The content reproductioncontrol system according to claim 9, wherein the control information isissued for a user's contract and assigned to either a main licenseindicating a license which allows use of a plurality of contents underthe contract or a sublicense indicating a license issued for a singlecontent.
 13. The content reproduction control system according to claim1, wherein the control information includes a type of the permittedoperation.
 14. The content reproduction control system according toclaim 1, wherein the control information includes at least one of, foruntil a specific operation is permitted, a number of viewings, viewingtime and a viewing validity period.
 15. The content reproduction controlsystem according to claim 14, wherein the specific operation is one of acommercial message skip, a commercial message fast-forward and acommercial message rewind.
 16. The content reproduction control systemaccording to claim 1, wherein the control information includes a limitconcerning a permitted number of operations or permitted time.
 17. Thecontent reproduction control system according to claim 16, wherein thepermitted operation is a preview of the content.
 18. The contentreproduction control system according to claim 1, wherein the controlinformation is issued for a user's contract and includes a license IDthat specifies either a main license indicating a license which allowsuse of a plurality of contents under the contract or a sublicenseindicating a license which is issued for a single content.
 19. Thecontent reproduction control system according to claim 1, wherein thecontent use control unit controls use of the content so that thepredetermined operation cannot be operated when the control informationis not yet obtained.
 20. The content reproduction control systemaccording to claim 1, wherein the terminal apparatus further includes aviewing record recording unit operable to record a viewing recordincluding a viewed portion of the content, and the content use controlunit controls use of the content in the content use unit using thecontrol information and the viewing record.
 21. The content reproductioncontrol system according to claim 20, wherein the content use controlunit controls a permission for a special reproduction of the content topermit a special reproduction of the content when an amount of theviewing records exceeds a limit of the amount of the viewing recordswhich can be included in the control information.
 22. The contentreproduction control system according to claim 1, wherein the controlinformation generation unit predicts a value of time information andgenerates the control information when the content is a stream typecontent.
 23. The content reproduction control system according to claim1, wherein the control information generation unit generates, when thecontent is a stream type content, the control information after adelivery of the content is started.
 24. The content reproduction controlsystem according to claim 23, wherein the control information generationunit further generates control information only including a beginningtime of a distribution of the content, and the distribution unitdistributes the generated control information after the distribution ofthe control information which excludes the generated controlinformation.
 25. The content reproduction control system according toclaim 1, wherein the control information generation unit generates, whenthe content is a file type content, the control information using timeinformation after a value is defined.
 26. The content reproductioncontrol system according to claim 1, wherein the control information isassigned at least to one of a content key (Kc) distribution EntitlementControl Message (ECM), an Entitlement Control Message-work key (ECM-Kw)and an Entitlement Control Message-content key (ECM-Kc) for digitalbroadcasting.
 27. The content reproduction control system according toclaim 26, wherein different control information are assignedrespectively to the ECM-Kw and the Kc distribution ECM.
 28. The contentreproduction control system according to claim 26, wherein differentcontrol information are assigned respectively to the ECM-Kw and theECM-Kc.
 29. The content reproduction control system according to claim1, wherein a portion of the predetermined operation that is permitted orprohibited is different between two cases: when the content is viewed ina real time; and when the content is stored and viewed.
 30. A serverapparatus in a content reproduction control system comprising the serverapparatus and a terminal apparatus that are connected to each other viaa communication path, comprising: a control information generation unitoperable to generate, based on time information attached to the content,control information which specifies a range for permitting orprohibiting a user's predetermined operation on a content in theterminal apparatus; and a distribution unit operable to distribute thecontrol information to the terminal apparatus.
 31. A terminal apparatusin a content reproduction control system comprising a server apparatusand the terminal apparatus that are connected to each other via acommunication path, comprising: a content use unit operable to use acontent; a receiving unit operable to receive control information; and acontent use control unit operable to control a reproduction of thecontent based on the received control information, the reproductionbeing included in the use of the content performed by the content useunit, wherein the control information is information which specifies,based on time information attached to the content, a range forpermitting or prohibiting a user's predetermined operation on thecontent in the terminal apparatus.
 32. A content reproduction controlmethod used for a content reproduction control system comprising aserver apparatus and a terminal apparatus that are connected to eachother via a communication path, the method including steps A executed inthe server apparatus and steps B executed in the terminal apparatus,wherein the steps A include steps of: generating control informationthat generates, based on time information attached to the content,control information which specifies a range for permitting orprohibiting a user's predetermined operation on a content in theterminal apparatus; and distributing the control information to theterminal apparatus, the steps B include steps of: using the content; andcontrolling a reproduction of the content based on the received controlinformation, the reproduction being included in the use of the content.